New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CSSLP Exam - Topic 6 Question 60 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 60
Topic #: 6
[All CSSLP Questions]

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are intended to prevent an incident from occurring?

Show Suggested Answer Hide Answer
Suggested Answer: D

Preventive controls are the security controls that are intended to prevent an incident from occurring, e.g., by locking out unauthorized

intruders.

Answer C is incorrect. Detective controls are intended to identify and characterize an incident in progress, e.g., by sounding the

intruder alarm and alerting the security guards or police.

Answer A is incorrect. Corrective controls are intended to limit the extent of any damage caused by the incident, e.g., by recovering the

organization to normal working status as efficiently as possible.

Answer B is incorrect. There is no such categorization of controls based on time.


by Laurel at Nov 16, 2022, 06:53 PM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Georgeanna
4 months ago
Just to clarify, preventive controls stop incidents before they happen, right?
upvoted 0 times
...
Olive
4 months ago
Wait, are you sure it's not adaptive controls?
upvoted 0 times
...
Raymon
4 months ago
Definitely D, no doubt about it!
upvoted 0 times
...
Ula
4 months ago
I thought corrective controls were for prevention too?
upvoted 0 times
...
Glory
4 months ago
Preventive controls are the way to go!
upvoted 0 times
...
Glory
5 months ago
Preventive controls sound right, but I keep mixing them up with adaptive controls. Need to double-check that!
upvoted 0 times
...
Jennie
5 months ago
I feel like I’ve seen a question like this before, and I think detective controls are more about identifying incidents after they happen.
upvoted 0 times
...
Lindsey
5 months ago
I'm not entirely sure, but I remember something about corrective controls being more about fixing issues after they occur.
upvoted 0 times
...
Carol
5 months ago
I think preventive controls are the ones that stop incidents before they happen, right?
upvoted 0 times
...
Leota
5 months ago
I'm a bit confused by the wording of these options. Do I need to know the specific auditing standards that define the auditor's obligations? Or is this more about understanding the general principles of internal control testing and reporting?
upvoted 0 times
...
Gracia
5 months ago
Hmm, I'm a bit unsure about this one. I'll need to double-check the SAS Data Integration Studio documentation to make sure I understand the different options for collecting statistics.
upvoted 0 times
...

Save Cancel