C. Corrective controls are being implemented.
Corrective controls are measures that are put in place to fix problems or weaknesses that have been identified. They are typically implemented after an incident has occurred in order to repair the damage and prevent similar incidents from happening in the future. In this scenario, the organization is repairing the damage after an incident, which suggests that corrective controls are being implemented.
Detective controls are measures that are put in place to detect when a problem or weakness has occurred. Preventive controls are measures that are put in place to prevent problems or weaknesses from occurring in the first place. Compensating controls are measures that are put in place to compensate for weakness or deficiency in another control.
When an organization is repairing the damage after an incident, they are implementing corrective controls. Corrective controls are measures that are put in place to fix problems or address vulnerabilities that have already been identified. This is in contrast to preventive controls, which are measures that are put in place to prevent problems from occurring in the first place, and detective controls, which are measures that are put in place to detect problems or vulnerabilities before they can cause harm. Compensating controls are additional controls that are put in place to provide additional protection or to compensate for the shortcomings of other controls. In this case, the organization is taking corrective action to repair the damage caused by the incident.
A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
So it has to be corrective.
I disagree,
Compensating controls are alternative controls used when a primary control is not feasible.
Corrective controls attempt to reverse the impact of an incident.
https://purplesec.us/security-controls/
A compensating control attempts to recover from an intrusion by compensating for the issues that were left behind. For example, if someone Stole a laptop with all of our data, we could compensate for that by purchasing a new laptop and restoring that data from backup.
A corrective control is designed to mitigate any damage that was occurred because of a security event. For example in IPS, intrusion prevention system can identify an attack on the network and block that traffic from entering the rest of the network.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
alayeluwa
Highly Voted 2 years, 7 months agoAlizadeh
Most Recent 2 years, 4 months agoFMMIR
2 years, 5 months ago[Removed]
2 years, 6 months agoNXPERT
2 years, 6 months agoostralo
2 years, 6 months agoabrilo
2 years, 6 months ago