Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Exin Exam CITM Topic 8 Question 5 Discussion

Actual exam question for Exin's CITM exam
Question #: 5
Topic #: 8
[All CITM Questions]

A technical team investigating possible controls concludes that the most preferred control cannot be implemented as a result of too many constraints and decides to propose the second-best control. How is this control being referred to?

Show Suggested Answer Hide Answer
Suggested Answer: B

A compensating control is an alternative control implemented when the preferred control cannot be applied due to constraints (e.g., technical, financial, or operational). According to frameworks like COBIT or ISO/IEC 27001, compensating controls provide equivalent or partial risk mitigation when the primary control is infeasible.

Deterrent controls (A) discourage violations, detective controls (C) identify incidents, and corrective controls (D) address issues after they occur. Only compensating control (B) fits the scenario of a second-best alternative due to constraints.


by Jolene at Aug 04, 2025, 10:53 PM

Limited Time Offer

25%

Off

Get Premium CITM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Matt
41 minutes ago
I remember practicing a question about controls, and I think the second-best option is often referred to as a compensating control.
upvoted 0 times
...
Yaeko
6 days ago
I think the term we're looking for is "compensating control," but I'm not entirely sure if that's the right choice.
upvoted 0 times
...
Ruth
11 days ago
The key here is that the team couldn't implement the preferred control due to constraints, so they had to go with the second-best option. That sounds like a compensating control to me.
upvoted 0 times
...
Krissy
17 days ago
I'm a little confused by the wording of this question. I'll need to re-read it a few times to make sure I understand what they're asking.
upvoted 0 times
...
Lilli
22 days ago
Okay, let's see. If the team couldn't implement the preferred control, then the second-best option must be a compensating control. I think that's the answer.
upvoted 0 times
...
Asha
28 days ago
Hmm, I'm a bit unsure about the difference between the control types here. I'll need to think this through carefully.
upvoted 0 times
...
Daron
1 month ago
This seems like a straightforward question about control types. I'm pretty confident I can figure this out.
upvoted 0 times
...
Shanice
1 month ago
Actually, I believe the correct answer is B) Compensating control because it helps to mitigate the risks when the preferred control cannot be implemented.
upvoted 0 times
...
Dana
2 months ago
B) Compensating control - It's the control that says, 'Hey, we couldn't do the best thing, but we're doing the next best thing.'
upvoted 0 times
...
Elin
2 months ago
Hah, I bet the team is wishing they had a 'magical control' option instead of these boring choices.
upvoted 0 times
...
Mel
2 months ago
I'm not sure, but I think it might be C) Detective control.
upvoted 0 times
...
Nan
3 months ago
D) Corrective control? Nah, that's not it. Gotta be B, the compensating control.
upvoted 0 times
...
Jamal
3 months ago
B) Compensating control - Makes sense, since the team couldn't implement the preferred control due to constraints.
upvoted 0 times
Elouise
2 months ago
A) Deterrent
upvoted 0 times
...
...
Clay
3 months ago
I agree with Tina, the second-best control is usually a compensating control.
upvoted 0 times
...
Tina
3 months ago
I think the answer is B) Compensating control.
upvoted 0 times
...

Save Cancel