Section 3: Security Controls Categories and Types

Question 1

Type: Question & Answer
Question: What type of security controls are mechanisms implemented into hardware, software, or firmware to automate the process of preventing, detecting, and responding to security threats?

Answer 1

Answer: Technical Controls (also known as logical security controls)

Question 2

Type: Multiple Choice Question (Select ONE answer)
Question: Firewalls, Intrusion Detection Systems (IDS), and encryption software are examples of which category of security controls?
A) Managerial Controls
B) Operational Controls
C) Physical Controls
D) Technical Controls

Answer 2

Answer: D) Technical Controls

Question 3

Type: True/False
Question: Security policies and risk management plans are considered Operational Controls because they deal with day-to-day procedures.

Answer 3

Answer: False (They are Managerial Controls.)

Question 4

Type: Multiple Choice Question (Select ALL that apply)
Question: Which of the following are examples of Managerial Controls?
A) Security Policies and Procedures
B) Firewalls
C) Incident Response and Recovery Plans
D) Antivirus Software

Answer 4

Answer: A, C

Question 5

Type: Question & Answer
Question: What type of security controls focus on day-to-day procedures implemented by an organisation to maintain the security of its information and assets?

Answer 5

Answer: Operational Controls

Question 6

Type: Question & Answer
Question: Lighting, signs, fences, and security guards are examples of which type of security control?

Answer 6

Answer: Physical Controls

Question 7

Type: True/False
Question: Physical controls are primarily designed to prevent unauthorised access, damage, or interference to physical hardware and facilities.

Answer 7

Answer: True

Question 8

Type: Question & Answer
Question: What type of security control is implemented to stop a security incident from happening?

Answer 8

Answer: Preventative Controls

Question 9

Type: Multiple Choice Question (Select ONE answer)
Question: Which of the following is an example of a Detective Control?
A) An Intrusion Prevention System (IPS) blocking malicious traffic
B) Encryption of sensitive data at rest
C) Video surveillance monitoring a data centre
D) A policy requiring strong passwords

Answer 9

Answer: C) Video surveillance monitoring a data centre

Question 10

Type: True/False
Question: Restoring backups after a ransomware infection is an example of a Corrective Control.

Answer 10

Answer: True

Question 11

Type: Multiple Choice Question (Select ALL that apply)
Question: Which of the following are examples of Deterrent Controls?
A) Guard dogs
B) Security cameras
C) Barbed wire fences
D) Incident response procedures

Answer 11

Answer: A, B, C

Question 12

Type: Question & Answer
Question: What type of security control is implemented to provide direction on how systems work or are to be used, such as policies and procedures?

Answer 12

Answer: Directive Controls

Question 13

Type: True/False
Question: A Compensating Control is always the preferred primary control for addressing a security risk.

Answer 13

Answer: False (Compensating controls provide an alternative when primary controls are insufficient.)

Question 14

Type: Question & Answer
Question: What information assurance concept involves placing multiple layers of security controls within an IT system to protect information?

Answer 14

Answer: Layered Security (also known as Defence in Depth)

Question 15

Type: True/False
Question: Defence in Depth relies on a single, strong security control to protect an entire system.

Answer 15

Answer: False (It relies on multiple layers of controls.)