Exam SY0-601 topic 1 question 86 discussion

Yay.. finally one that makes sense!

"Preventive controls act before an event, preventing it from advancing". Deterrent - "acts to discourage the attacker by reducing the likelhood of success from the perspective of the attacker".

A. Preventative

A. Preventive

Preventive controls are security measures and practices that are put in place to reduce the likelihood of security incidents or breaches from occurring. Their primary focus is on proactively reducing risk before any incident takes place. These controls aim to prevent potential threats and vulnerabilities from being exploited. Examples of preventive controls include firewalls, intrusion prevention systems (IPS), access controls, encryption, security awareness training, security policies, and patch management. By implementing these measures, organizations aim to create a more secure environment and reduce the chances of security incidents and data breaches.

Preventive controls are implemented to proactively mitigate risks and prevent incidents from happening in the first place. These controls are designed to minimize vulnerabilities, strengthen security measures, and establish safeguards to reduce the likelihood of security breaches or incidents. Examples of preventive controls include implementing strong access controls, enforcing strong passwords and authentication mechanisms, conducting regular security awareness training for employees, performing security assessments and vulnerability scans, deploying firewalls and intrusion prevention systems, and implementing secure coding practices.

A. Preventive control types are focused primarily on reducing risk before an incident occurs. They aim to prevent incidents from happening in the first place. Examples of preventive controls include access controls, training and awareness programs, security policies and procedures, and regular maintenance and updates of hardware and software systems.

A. Preventive controls stop a security issue before it occurs.

Preventive—the control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates BEFORE an attack can take place.

preventive controls are controls intended to completely avoid an incident from being able to occur. Deterrent controls, alternatively, are intended to discourage a bad actor from an unlawful activity that they had originally intended to perform.

Deterrent controls reduce the likelihood of a deliberate attack. Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact. https://www.sciencedirect.com/topics/computer-science/deterrent-control#:~:text=Deterrent%20controls%20reduce%20the%20likelihood%20of%20a%20deliberate%20attack.&text=Preventative%20controls%20protect%20vulnerabilities%20and,unsuccessful%20or%20reduce%20its%20impact. So A ("reducing risk")

reducing risk before it happens--deterrent