Please practice these MCQs on security control types before clicking the “View Answer” button to find the correct answer. It includes MCQs on security control types for CompTIA Security+ exam preparation, as well as the correct answers and explanations for them. You might be able to prepare better to pass your exam.
Table of Contents
MCQs on Security Control Types for CompTIA Security+ Exam
1. A financial institution uses biometric scanners and electronic door locks in its data center to limit physical entry. What type of security control is this?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer: D. Physical
Explanation: This control physically prevents people from entering a place, and it is known as a physical control.
2. A company applies a role-based access control (RBAC) within its network to limit file access to the file based on user roles. Which control category is RBAC?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer: A. Technical
Explanation: Roll-based access control (RBAC) is installed using software and system settings, classified as technical control.
3. The CEO approves a new security policy that requires frequent password changes and multi-factor authentication. What kind of control is this?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer: B. Managerial
Explanation: Developing policies and processes is a managerial function.
4. An IT team in a company establishes detailed processes and guidelines for monitoring the network. What kind of control is this?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer: C. Operational
Explanation: Standard operational procedures are operational controls as they explain how to complete daily tasks.
5. Security cameras and motion detectors are installed in the building entrance and server room. In which category are these devices represented?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer: D. Physical
Explanation: Cameras and motion detectors act as physical obstacles and are used for monitoring, which makes them a physical control.
Read Also: Top 100 Must-Know ISC2 CC Exam Questions and Answers Set-1
6. A company applies a firewall and an intrusion prevention system (IPS) to block unauthorized network traffic. What kind of controls are these?
A. Preventive
B. Deterrent
C. Detective
D. Corrective
Answer: A. Preventive
Explanation: A firewall and an intrusion prevention system (IPS) help in unauthorized access and block dangers.
7. The presence of a security guard at the main entrance to prevent intruders is maintained by the company. What kind of control does it show?
A. Detective
B. Deterrent
C. Corrective
D. Preventive
Answer: B. Deterrent
Explanation: Being a visual security guard helps discourage criminal activities, which represents deterrrent control.
8. An organization uses log monitoring software that constantly examines network traffic and alerts administrators to any unusual behavior. What kind of control is this?
A. Detective
B. Preventive
C. Directive
D. Corrective
Answer: A. Detective
Explanation: Continuous monitoring and alert systems help identify unusual events and safety issues.
9. After a security violation, the IT team restores the system from recent backups to resume normal operations. What kind of control is this?
A. Corrective
B. Detective
C. Preventive
D. Directive
Answer: A. Corrective
Explanation: Using backups to restore the system fixes problems after an event occurs.
10. A firm cannot apply advanced antivirus solutions due to a chronic system. Instead, they enhance the surveillance of the circumference to reduce the risk. What is this alternative remedy called?
A. Compensating
B. Corrective
C. Preventive
D. Directive
Answer:A. Compensating
Explanation: A compensation control is an alternative solution when the main control cannot be fully used.
Read Also: Get 100 Frequently Asked CC Exam Questions and Answers set-2
11. An organization issues a rule that requires the review and approval of all software updates before it is implemented. What kind of control is this?
A. Preventive
B. Directive
C. Detective
D. Corrective
Answer:B. Directive
Explanation: Directive controls provide rules or advice to guide people in following some tasks.
12. In the practice of a red team, external attacks are blocked by technical controls, yet internal policy violations continue. Which control type needs reinforcement to address internal issues?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer:B. Managerial
Explanation: Managerial control, such as updating rules and providing training, aims to improve how people behave and follow the organization’s policies.
13. A system administrator establishes an automated daily process to update the operating system and application. What kind of control is this?
A. Preventive
B. Corrective
C. Detective
D. Deterrent
Answer:A. Preventive
Explanation: Automatic patch management ensures that the system is updated to prevent the exploitation of weaknesses.
14. After detecting several unauthorized access efforts, a company modifies access control policies and increases staff security training. What kind of control is this?
A. Corrective
B. Directive
C. Compensating
D. Detective
Answer:B. Directive
Explanation: Revising policies and providing direct training to employees on correct procedures to prevent security problems is directive security control.
15. During an audit, the cybersecurity team finds out that the event response plan exists but is not effectively followed during fake attacks. Which aspect of control should be reinforced?
A. Detective control
B. Corrective control
C. Managerial control
D. Compensating control
Answer:C. Managerial control
Explanation: Effective utilization of the incident response plan is maintained by managerial control, which is directed towards imposing rules and surveillance.
Read Also: Top 100 ISC2 CC Exam Questions and Answers You Must Know Set-3
16. A healthcare organization requires all new employees to complete an online course on cybersecurity awareness before they access the system. What type of control is being applied mainly?
A. Preventive
B. Directive
C. Detective
D. Corrective
Answer:B. Directive
Explanation: Training gives people rules or guidelines to follow, which helps to direct how they act. This is called directive control.
17. After several phishing attacks, a company implements multifactor authentication and security tokens to increase access control. In which category does this strategy fall?
A. Operational
B. Physical
C. Managerial
D. Technical
Answer:D. Technical
Explanation: Multifactor authentication secures systems by technology and pre-established settings. It’s a technical control with a prevention purpose.
18. An enterprise installs log monitoring software to detect unusual file access. What type of control is it considered?
A. Detective
B. Preventive
C. Corrective
D. Directive
Answer:A. Detective
Explanation: Software tracks system activity to detect any unusual behavior, acting as a detective control.
19. Following several security incidents, the IT team updates the incident response plan and replaces reporting methods. What kind of control is this action?
A. Preventive
B. Compensating
C. Directive
D. Corrective
Answer:D. Corrective
Explanation: Updating the way we respond to events detects and fixes problems after they occur. This is a corrective control.
20. A company adds a backup power supply, fire suppression system, and generator to keep its server room safe. What are these changes?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer:D. Physical
Explanation: These are actions that consciously protect physical structures, and thus, they qualify as physical controls.
Read Also: Top 100 Proven CC Exam Questions and Answers Set-4
21. During a fake cyberattack, the IT team uses an intrusion prevention system (IPS) to block harmful traffic. What kind of control does this IPS represent?
A. Preventive
B. Detective
C. Corrective
D. Directive
Answer:A. Preventive
Explanation: An Intrusion Prevention System (IPS) avoids malicious access by blocking malicious traffic, a preventive control.
22. A university performs an annual audit of its data access policies and server setup to ensure that they are following the rules. What type of control is this audit?
A. Technical
B. Physical
C. Managerial
D. Operational
Answer:C. Managerial
Explanation: Audits regularly scan and enforce company policies; this is a managerial control.
23. A retail chain set an alarm that becomes active if there are repeated unauthorized login attempts. What type of control is being used?
A. Preventive
B. Detective
C. Compensating
D. Directive
Answer:B. Detective
Explanation: Computerized alarms alert security personnel to suspicious movement, and they are detective controls.
24. To secure its buildings, a company installs monitoring cameras and electronic access systems at all entrances. What type of remedies are these measures under control?
A. Managerial
B. Technical
C. Operational
D. Physical
Answer:D. Physical
Explanation: Electronic door systems and CCTV cameras control and limit physical entry, so they are physical controls.
25. A corporation uses antivirus software and an intrusion detection system to prevent malware infection. What kind of control does it show?
A. Preventive
B. Corrective
C. Detective
D. Directive
Answer:A. Preventive
Explanation: Intrusion detection devices and antivirus software prevent harm beforehand and are preventive controls.
Read Also: Top 100 ISC2 CC Exam Questions and Answers You Must Know Set-3
26. After the outbreak of malware, the IT department restores the affected systems using backup to resume operation. What kind of control is this action?
A. Preventive
B. Detective
C. Directive
D. Corrective
Answer:D. Corrective
Explanation: System recovery from backup repairs system errors and restores functions when issues arise, which is a corrective control.
27. Due to a lack of budget, an organization opposed an increase in the network division to reduce possible damage rather than adopting new cybersecurity software. Which of the following represents this alternative control?
A. Compensating
B. Corrective
C. Preventive
D. Directive
Answer:A. Compensating
Explanation: When the first safety control is impractical, a second one is used to minimize risk. This is a compensating control.
28. A company needs to participate in regular cybersecurity training for all employees to be informed about the best practices and emerging threats. What types of controls are considered in these training sessions?
A. Preventive
B. Directive
C. Detective
D. Corrective
Answer:B. Directive
Explanation: Training classes officially instruct workers what to do, so they are directive controls.
29. To repeatedly address security violations, the management implements disciplinary measures to correct the staff’s behavior. What kind of control does it show?
A. Preventive
B. Detective
C. Directive
D. Corrective
Answer:D. Corrective
Explanation: After the transgression against rules, disciplinary action corrects and remedies the issues, serving as corrective controls.
30. A retail store applies visible safety measures such as monitoring cameras, security personnel on the site, and signals to prevent damage. What type of control strategy is this?
A. Deterrent
B. Preventive
C. Detective
D. Corrective
Answer:A. Deterrent
Explanation: Visible security controls are put in place to discourage criminal activity, called deterrent controls.
It is important to understand MCQs on security control types to succeed in CompTIA Security+ Examination and real IT safety scenarios. Understanding various categories of controls, their application, and distinctions will help you be well-equipped to answer questions in the exam and make informed decisions in your cybersecurity profession. With dedication and practice, you will be convinced in responding to MCQs on security control types and even improve your overall knowledge of cybersecurity.
FAQs for MCQs on Security Control Types
What are the main categories of security controls addressed by the CompTIA Security+ exam?
Principal categories of security controls addressed by the CompTIA Security+ exam are preventive, detective, corrective, deterrent, compensating, and operational controls. Administrative, technical, and physical forms of controls are also included in the exam.
How many questions do they typically have on security control types within the exam?
While the number isn’t necessarily accurate, you would expect to see around 10-12% of exam questions inquire about general security concepts. That’s roughly 9-11 of the 90 questions.
Are there any good examples of each security control type that I should know?
Yes, you should be well familiar with examples for all security control types. For instance, firewalls are preventive controls, intrusion detection systems are detective controls, and backups are corrective controls. Familiarity with actual examples will help you better understand and implement these concepts.
How do I best prepare for MCQs on security control types?
To prepare the MCQs on security control types extensively, read the features and description of each category of control, practice questions, and relate concepts to real life. Also, observe closely any differences between control types and how they use IT in real life.
What are the differences between preventive, detective, and corrective controls?
Preventive controls are put in place to stop incidents from happening (e.g., access controls). Detective controls identify and alert about security incidents when they are taking place (e.g., security cameras). Corrective controls minimize the impact of an incident after it has happened (e.g., disaster recovery plans).
What are the administrative, technical, and physical controls?
Administrative controls are policies and procedures (e.g., security awareness training). Technical controls are solutions, either hardware or software (e.g., encryption). Physical controls safeguard the physical infrastructure (e.g., security guards, locks). The above may overlap with the functional categories of controls.
Can you define the term compensating controls?
Compensating controls are other security controls that are implemented whenever the primary control is impracticable or impossible. They offer the same amount of protection as the primary control but through other means, typically because of technical, cost, or operational limitations.
Are there any sneaky questions regarding security control types on the test?
Though the test does not have many “trick” questions, there are a couple of scenarios in which you must choose the optimum kind of control. Carefully read the special case and requirement in a question while choosing the right answer.
How do deterrent controls and preventive controls differ from each other?
Preventive controls stop attacks by directly stopping or hindering unauthorized activity (e.g., access control lists), while deterrent controls deter attackers by decreasing the attractiveness of the target or increasing perceived risk (e.g., warning signs).
