Exam SY0-601 topic 1 question 138 discussion

Detective controls – look for both fraudulent and unintentionally improper transactions after the fact. Examples of detective controls include reconciliations, variance analyses, physical inventories, audits, and continuous monitoring through data analytics.

Just to break the gridlock. A - If the bank refunds the transactions B - If it's an insider threat C - Rectify skimmed transactions D- Definitely kibosh insider threats, and most likely to be implemented whether external or internal

so how exactly will detecting the activity actually lead to lower cost? preventing the activity is how you lowe the cost. the only thing close to preventing is deterent here

It's C Corrective—the control acts to eliminate or reduce the impact of an intrusion event. A corrective control is used after an attack. A good example is a backup system that can restore data that was damaged during an intrusion. Another example is a patch management system that acts to eliminate the vulnerability exploited during the attack.

The way I see it, the key words are "reduce losses". Detective will not reduce losses by itself it has to be paired with corrective. Corrective in theory should reduce losses because you're fixing an issue you detected. Deterrent will also reduce losses because instead of having 10 attackers, you'll only have 5, but you have to assume all losses are equal or the same. Ideally you'd want to have 0 attackers, but since the question mentions a reduction not elimination we have to assume you'll get fraudulent activity. So it comes down to, do you want to reduce losses before fraud occurs or after? Personally I'd go with before if it was my bank.

'to reduce loses', detective and corrective might be too late already, so I choose deterrent.

Corrective controls are implemented after detective controls to rectify the problem and (ideally) prevent it from happening again. Detective will only detect fraudulent transactions, not prevent them from happening aka not reduce losses. Corrective does something about that.

Corrective controls are implemented after detective controls to rectify the problem and (ideally) prevent it from happening again. Detective will only detect fraudulent transactions, not prevent them from happening aka not reduce losses. Corrective does something about that.

D is the answer: Deterrent controls: Discourages attackers or any attempts to maliciously affect a user. - CCTV (Without film) - Motion Sensors - Warning Signs "reduce losses" could mean to mitigate an existing issue, hence detective control. Detective controls: Detects security incidents and allows you to constantly monitor, review, and detect system changes and potential security breaches. - CCTV (With Film): After recording the user can figure out where the intrusion happened. - Log Files: Includes old records of everything and anything that happens within a system, including events such as transactions, errors and intrusions. There are records that are kept daily. Every second down to milliseconds of what happens on your machine. User can check the Event Viewer Logs to see where that intrusion happened.

I don't understand how the answer isn't B. Detective controls only detect after an incident has occurred. Corrective controls are implemented after the fact as well. The only option that has a chance at PREVENTING LOSS is B Deterrent because it's attempting from stopping it in the first place. Someone rebuttal please.

Here's a translation of what each of the controls mean: A. not part of exam objectives B. a sign in department that reads "i am watching you" C. damage control, mitigate damage from fraud, reverse uno D. account audits, detects fraud but doesn't do anything to stop it

The question asks for controls to "reduce losses", not to "reduce fraudulent transactions". A deterrent control would reduce the likelihood of fraudulent transactions occurring, and a detective control would identify their occurrence but would not actually reduce their loss. The correct answer is "corrective", this would repair the damage from the fraudulent transactions.

B. Deterrent In an accounting department, the best control type to reduce losses from fraudulent transactions is often a deterrent control. Deterrent controls are designed to discourage individuals from attempting fraudulent activities by making them aware of the consequences. This can include policies, procedures, and visible security measures that create a perception of increased risk and likelihood of detection.

I mean, a corrective can get you back some losses but you can't guarantee it's gonna be worth the cost. You need to detect fraudulent activity before it happens to save losses.

It should be deterrent in my opinion. Corrective and detective controls performed after the fraudulent transaction. To prevent the loss the control should be before the fraudulent transaction in my opinion.

In the context of reducing losses from fraudulent transactions in an accounting department, the best control type would be: D. Detective Detective controls are designed to identify and record security events. In the case of fraudulent transactions, a detective control could help in detecting unusual or suspicious financial activities. For example, implementing a system that monitors transaction patterns, uses anomaly detection, or performs regular audits would fall under the category of detective controls. This allows for the timely identification of fraudulent transactions, enabling the organization to take corrective action and minimize losses. While corrective controls (option C) focus on mitigating damage after a security event, and recovery controls (option A) involve compensating for issues left behind, these may not be as effective in preventing or detecting fraudulent transactions as detective controls. Deterrent controls (option B) aim to deter individuals from committing fraudulent acts, but they may not be as reliable in identifying ongoing or attempted fraudulent transactions.

I dont think any of the other answers would actually prevent a loss. Preventive controls are the only type of control here that is deployed before the attack happens. All the other answers are reactive