Which of the following is NOT an example of preventive control?

A.
Physical access control like locks and door

B.
User login screen which allows only authorize user to access website

C.
Encrypt the data so that only authorize user can view the same

D.
Duplicate checking of a calculation

Explanation:
Preventive Access Controls are intended to prevent an incident from occurring. Duplicate checking of a
calculation is not an example of a preventive control.
Physical access control like locks and doors are an example of preventive/physical controls. These measures
are intended to restrict the physical access to areas with systems holding sensitive information.
A user login screen which allows only authorized users to access a website is an example of preventive/
technical control. The preventive/technical pairing uses technology to enforce access control policies. These
technical controls are also known as logical controls and can be built into the operating system, be software
applications, or can be supplemental hardware/software units.
Encrypting the data so that only authorized users can view it is another example of preventive/technical control.
The preventive/technical pairing uses technology to enforce access control policies. Some typical preventive/
technical controls are protocols, encryption, smart cards, biometrics (for authentication), local and remote
access control software packages, call-back systems, passwords, constrained user interfaces, menus, shells,
database views, limited keypads, and virus scanning software.
Incorrect Answers:
A: Physical access control like locks and doors are an example of preventive controls.
B: A user login screen which allows only authorized users to access a website is an example of preventive
control.
C: Encrypting the data so that only authorized users can view it is an example of preventive control.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 49