PrepAway - Latest Free Exam Questions & Answers

Which of the following Operation Security controls is i…

Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally
or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering
the system?

PrepAway - Latest Free Exam Questions & Answers

A.
Detective Controls

B.
Preventative Controls

C.
Corrective Controls

D.
Directive Controls

Explanation:
Preventative Controls. In the Operations Security domain, preventative controls are designed to achieve two
things — to lower the amount and impact of unintentional errors that are entering the system, and to prevent
unauthorized intruders from internally or externally accessing the system. An example of these controls might
be pre-numbered forms, or a data validation and review procedure to prevent duplications.
Incorrect Answers:
A: Detective controls are used to detect an error once it has occurred; they do not prevent unauthorized
intruders from internally or externally accessing the system.
C: Corrective controls are implemented to help mitigate the impact of a loss event through data recovery
procedures. They do not prevent unauthorized intruders from internally or externally accessing the system.
D: Directive controls are administrative instruments such as policies, procedures, guidelines, and agreements.
They do not prevent unauthorized intruders from internally or externally accessing the system.

Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams,
2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 217.


Leave a Reply