Which term refers to detective and preventive security controls that can perform both detection and prevention, often requiring software agents on hosts?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which term refers to detective and preventive security controls that can perform both detection and prevention, often requiring software agents on hosts?

Explanation:

Active security control refers to defenses that actively monitor for threats and take immediate action to stop them, rather than only observing. These controls perform both detective functions (spotting anomalies, malicious behavior, or policy violations) and preventive actions (blocking, quarantining, or terminating processes) in real time. Often, these solutions rely on software agents installed on each host to continuously collect telemetry, enforce security policies, and autonomously respond to incidents across the network. That combination of ongoing detection plus automatic prevention, especially when implemented with endpoint agents, fits this term best.

Passive security control describes non-operational or observational measures that don’t actively block threats. Network-based controls operate primarily at the network boundary rather than on hosts. While host-based controls indicate where the protection runs, they don’t by themselves specify the dual detection-and-prevention capability. The essence here is the active, dual-purpose nature of the control, which is captured by active security control.
