(ISC)2 Certified in Cybersecurity Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What type of control is designed to identify security issues that necessitate further investigation?

  1. Preventive Control

  2. Detective Control

  3. Recovery Control

  4. Comprehensive Control

The correct answer is: Detective Control

Detective control is designed to identify security issues, allowing organizations to recognize potential breaches or anomalies after they have occurred. This type of control plays a critical role in incident response, as it provides the necessary information to investigate and respond to security threats effectively. For example, systems like intrusion detection systems (IDS) monitor activities on a network to identify unauthorized access or unusual behavior. Logs and alerts generated by these systems can indicate potential security events that require further examination. By detecting and alerting on these issues, organizations can take timely action to mitigate risks and enhance their security posture. In contrast, preventive controls aim to stop security incidents from occurring in the first place, while recovery controls focus on restoring systems after an incident has taken place. Comprehensive control isn't commonly defined in cybersecurity contexts and doesn't specifically pertain to identifying issues needing investigation. Thus, the focus on detection and investigation aligns precisely with the purpose of detective controls.

More Questions Like This