Exam SY0-501 topic 1 question 651 discussion

C. Control diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls. -Technical security controls : firewalls, intrusion detection systems (IDSs), and proxy servers . -Physical security controls : provide extra protection for the server room or other areas where these devices are located. -Administrative controls : vulnerability assessments and penetration tests can help verify that these controls are working as expected.

Security controls are the mechanisms by which security functions are achieved. It is important to have control diversity, both administrative and technical, providing layered security to ensure the controls are effective in producing the desired results. One area frequently overlooked is the value of policies and procedures to guide workers’ actions. If these policies and procedures are aligned with reducing risk, they act as controls. If there are technical controls backing up those policies, then policy violations may still not create a complete vulnerability, as the technical control can stop a problem from occurring. Total reliance on technical controls without policy provides insufficient security because users who lack policy guidance may utilize a system in ways not foreseen by the implementers of the technical controls, resulting in another risk.

Keyword = Multiple therefore Multiple somehow is related to Diverse right? So Multiple = Diverse = Answer Control Diversity