PrepAway - Latest Free Exam Questions & Answers

Which of the following pairings uses technology to enforce access control policies?

A. Preventive/Administrative

B. Preventive/Technical

C. Preventive/Physical

D. Detective/Administrative

Explanation:
Controls are implemented to mitigate risk and reduce the potential for loss. Controls can be preventive,
detective, or corrective. Preventive controls are put in place to inhibit harmful occurrences; detective controls
are established to discover harmful occurrences; corrective controls are used to restore systems that are
victims of harmful attacks.
Technical controls are the software tools used to restrict subjects’ access to objects. They are core
components of operating systems, add-on security packages, applications, network hardware devices,
protocols, encryption mechanisms, and access control matrices. These controls work at different layers within a
network or system and need to maintain a synergistic relationship to ensure there is no unauthorized access to
resources and that the resources’ availability, integrity, and confidentiality are guaranteed. Technical controls
protect the integrity and availability of resources by limiting the number of subjects that can access them, and
protect the confidentiality of resources by preventing disclosure to unauthorized subjects.
Incorrect Answers:
A: Administrative controls are commonly referred to as “soft controls” because they are more
management-oriented. Examples of administrative controls are security documentation, risk management, personnel
security, and training. Administrative controls do not use technology to enforce access control policies.
C: Physical controls are items put into place to protect the facility, personnel, and resources. Examples of physical
controls are security guards, locks, fencing, and lighting. Physical controls do not use technology to enforce
access control policies.
D: Detective controls are established to discover harmful occurrences after they have happened. Administrative
controls are commonly referred to as “soft controls” because they are more management-oriented. Examples
of administrative controls are security documentation, risk management, personnel security, and training.
Detective controls and administrative controls do not use technology to enforce access control policies.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28, 245

