A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the CIA of information.


Multiple Choice

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the CIA of information.

Explanation:
Security controls are the measures designed to reduce vulnerabilities and risk while preserving the CIA (confidentiality, integrity, availability) of information. They span administrative policies and procedures, technical mechanisms, and physical safeguards. Together they enforce who can access data, how data is protected in transit and at rest, how changes are tracked and verified, and how systems remain available through backups, redundancy, and incident response. In this sense, controls like access controls, encryption, monitoring, patch management, and change management directly support keeping information confidential, unaltered, and available when needed. The other options touch on related ideas but do not describe the broad category: non-repudiation is a specific property ensuring a party cannot deny an action; IAM deals with managing identities and access; NIST is a standards body that provides guidelines rather than a single protective measure.