D. Technical control
Explanation:
A firewall ruleset review is classified as a technical control because it involves the direct configuration, maintenance, and auditing of a technical security mechanism (the firewall).
Key Reasons:
Technical controls are measures implemented through hardware, software, or firmware to enforce security policies.
Examples: Firewalls, IDS/IPS, encryption, access control lists (ACLs).
Firewall ruleset reviews require technical expertise to analyze:
Rule effectiveness (e.g., blocking unauthorized traffic).
Redundant or overly permissive rules.
Compliance with security policies.
C. Management control
Explanation:
The regular review of a firewall ruleset is an example of a management control because it involves oversight and assessment of security practices to ensure that they are aligned with organizational policies and objectives. Management controls are typically focused on the direction, coordination, and evaluation of security processes, including reviewing, updating, and ensuring compliance with security configurations and policies.
NIST indicates 2 types of security controls - Management, Operational & Technical. However, since Management and Technical are not related and there is nothing called Orgn control, the remaining option is Procedural Control.
Riset, 1 month ago
Aboodi000, 4 months ago
Rufus1, 6 months, 2 weeks ago
UNN_CCISO, 7 months, 3 weeks ago