Describe the differences between preventive, detective, and corrective controls with examples.

Multiple Choice

Explanation:
The idea being tested is how security controls are categorized by what they do in response to threats: stop, detect, or recover. Preventive controls aim to stop threats before they can do harm. They are designed to block unwanted access or actions, so you usually see them as barriers like firewalls, access control lists, or strict authentication mechanisms. Detective controls, on the other hand, are meant to identify that something is happening or has happened. They monitor activity, generate alerts, and help investigators understand what’s going on, with examples such as intrusion detection systems, SIEM platforms, and log reviews. Corrective controls come into play after an incident to restore services and reduce damage; they focus on recovering to a normal state, using methods like data backups, disaster recovery procedures, and system restore processes.

So the best-matched set pairs preventive with a firewall (blocking unauthorized access), detective with an IDS (alerting when suspicious activity is detected), and corrective with backups (allowing restoration after an incident). This alignment clearly illustrates the distinct functions: stop first, watch for problems, then recover. Other options mix up the roles or assign actions that don’t fit the function—for example, treating encryption as a corrective action or suggesting preventive and detective are the same—which breaks the clear progression of prevent, detect, and correct.
