An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?
Preventive controls are implemented to avoid the manifestation of threats and are proactive in nature. They help to reduce the likelihood of an incident by acting ahead of time. Redundant power supplies are a classic example of a preventive control in IT risk management.
Corrective actions fix issues after something happens (i.e., backups for corrupted databases). If a server loses power and shuts down, a redundant power supply does not turn it back on. A redundant power supply "prevents" the server from shutting down.
Preventive control: implemented to avoid potential problems and manage risk. E.g. add a firewall, redundant firewall, redundant power supply, fence, locks, segregation of duties, etc.
Corrective control: to correct an issue or problem that has been found. E.g. patching, rebooting the system, replacing a faulty hard disk, etc.
Preventative – An internal control that is used to avoid undesirable events, errors and other occurrences that an enterprise has determined could have a negative material effect on a process or end product
Corrective – Designed to correct errors, omissions and unauthorized uses and intrusions once they are detected
>> Preventative
OMG, so many comments on this easy question. Of course it's D - Corrective, because corrective controls work after the fact (in this case power outage). Preventive means "to prevent" power outage in this case. How are they going to prevent it? They are trying to correct the thing that already occurred.
The events that the business wants to avoid are "critical system outages" not "power outages".
With reference to the first, the power supply is a preventive control. With reference to the second it would be of a corrective nature. IMO answer is C
Preventive controls are proactive measures designed to stop unwanted or unauthorized activities from occurring in the first place. In this case, redundant power supplies are preventing system outages.
D
When detective control activities identify an error or irregularity, corrective control activities should then kick in to see what could or should be done to fix it. Here it got detected that there is a business risk with 1 power supply, so they corrected it with 2 power supplies. It could have been preventive if they had done this in the first place, i.e. 2 power supplies implemented for the first time.
Interesting question. Correct Answer D:
Because Preventive means to prevent the occurrence of the incident (i.e. power OFF). In this case, power off occurred; after power off the backup power starts, which means correction activity.
A redundant power supply is when a single piece of computer equipment operates using two or more physical power supplies. Each of the power supplies will have the capacity to run the device on its own, which will allow it to operate even if one goes down.
For normal operation, each of the power supplies will provide half (assuming there are two) of the power that is needed. If one is powered off for some reason, the other one will immediately compensate to provide full power to the device so there is no downtime at all.
By having redundant power supplies in place, the organization can correct the situation by providing backup power sources to minimize the impact of outages and restore normal operations. The focus is on addressing the consequences of the risk event rather than preventing it from happening in the first place.
How this is a corrective control makes no sense to me. Foreseeing a risk and implementing controls in place to prevent an incident is the literal definition of a preventative risk.
IMO, the answer is C - Preventative. Per ISACA manual, page 196, Preventative controls directly address risk, which is what this is, the risk of a power outage.
Corrective controls, per ISACA manual, page 196, "...remediate impact". Which means an incident has occurred and it is AFTER the fact, you are fixing/correcting something that has occurred, past tense. So NOT D.