Control Objectives 2

Question 1

Directive controls

Answer 1

Are proactive actions taken to cause or encourage a desirable event and outcome occur. Are broad in nature, used to increase the effectiveness of other controls, examples: frameworks, models, polices, guidance statements

Question 2

Control category - operational

Answer 2

Operational controls are aligned with a process that are primaily implemented and executed by people (change management, testing, training)

Question 3

Control classification- corrective

Answer 3

Corrective controls minimize the impact of a threat agent or modify or fix situation

Question 4

Control category- technical

Answer 4

Technical control mechanism are implemented using hardware, software and/or firmware components, can be native or supplementary (firewalls, cryptography, 2FA)

Question 5

Control classification - preventive

Answer 5

Preventive controls stop a threat agent from being successful

Question 6

Layered security

Answer 6

Layered security (defense-in-depth) is the design and implementation of multiple overlapping layers of diverse controls

Question 7

Control category-Managerial

Answer 7

Managerial controls relate to risk management, governance, oversight, strategic alignment and decision making

Question 8

Control category physical

Answer 8

Physical controls are designed to address physical interactions. Generally related to buildings and equipment

Question 9

Control classification : Deterrent

Answer 9

Deterrent controls discourage a threat agent from acting

Question 10

Control classification : Detective controls

Answer 10

Detective controls identify and report a threat agent or a threat action

Question 11

Compensating controls

Answer 11

Compensating controls are implemented in lieu of a recommended control that provided equivalent or comparable protection, can be supplemental, short-term or temporarly