CYSA+ MODULE 1 UPDATED ACTUAL Questions and CORRECT Answers
Acts to eliminate or reduce the likelihood that an attack can
Preventative Control
succeed
are measures taken to detect and respond to incidents or
Detective Control
vulnerabilities.
The Detective Control Is a functional control that is not a security control class.
Corrective Control Restores data after an intrusion, e.g., backups.
Compensating Control Substitutes principal control with equivalent protection.
Serve to direct corrective actions enacted after the orga-
Responsive Control nization confirms the incident. The team often documents
these actions in a playbook.
Playbook Documentation Records actions taken during incident responses.
What is managerial control? Gives oversight of the information system.
What is an example of managerial control? Risk identification.
A tool allowing the evaluation and selection of other secu-
What is another example of a managerial control tool?
rity controls.
What are technical controls primarily executed by? Systems (hardware, software, or firmware)
What is an example of a technical control? Firewalls
What is another example of a technical control? Antivirus software
What is an example of a technical control related to user
Operating system (OS) access control models
permissions?
What is operational control primarily implemented and
People
executed by?
What are examples of operational controls? Security guards and training programs
What does the Change Management Policy dictate about Patching must finish quickly enough to accommodate roll-
patching? back plans if trouble occurs.
Acts to eliminate or reduce the likelihood that an attack can
Preventative Control
succeed
are measures taken to detect and respond to incidents or
Detective Control
vulnerabilities.
The Detective Control Is a functional control that is not a security control class.
Corrective Control Restores data after an intrusion, e.g., backups.
Compensating Control Substitutes principal control with equivalent protection.
Serve to direct corrective actions enacted after the orga-
Responsive Control nization confirms the incident. The team often documents
these actions in a playbook.
Playbook Documentation Records actions taken during incident responses.
What is managerial control? Gives oversight of the information system.
What is an example of managerial control? Risk identification.
A tool allowing the evaluation and selection of other secu-
What is another example of a managerial control tool?
rity controls.
What are technical controls primarily executed by? Systems (hardware, software, or firmware)
What is an example of a technical control? Firewalls
What is another example of a technical control? Antivirus software
What is an example of a technical control related to user
Operating system (OS) access control models
permissions?
What is operational control primarily implemented and
People
executed by?
What are examples of operational controls? Security guards and training programs
What does the Change Management Policy dictate about Patching must finish quickly enough to accommodate roll-
patching? back plans if trouble occurs.
