CISSP Exam - Question 334

Administrative includes preventive

Answer is D. Employee training, risk management, and data handling procedures and policies are all part of Administrative security measures. Preventative measures are closely aligned put with technical measures.

Agree with A

Administrative Also known as management controls, these represent organizational policies and training regarding security. Common administrative controls include password policies, employee screening, training procedures, and compliance with legal regulations

Examples of administrative controls include policies, procedures, hiring practices, background checks, data classifications and labeling, security awareness and training efforts, reports and reviews, work supervision, personnel controls, and testing.

Administrative Security consists of policies, procedures, and personnel controls including security policies, training, and audits, technical training, supervision, separation of duties, rotation of duties, recruiting and termination procedures, user access control, background checks, performance evaluations, and disaster recovery, contingency, and emergency plans. These measures ensure that authorized users know and understand how to properly use the system in order to maintain security of data. It's D

Answer D) Administrative There are three main types of IT security controls including technical, administrative, and physical. The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or act as a deterrent. https://purplesec.us/security-controls/

Preventative?

Administrative controls is a category, preventive is a type

Be careful not to confuse security control with security measure. In this specific case it indicated measure therefore he correct answer is A

Administrative security controls refer to policies, procedures, or guidelines that define personnel or business practices in accordance with the organization's security goals.

A. is the correct! Employee training - that means any one of the employee in the organization - not a particular employee. Preventive is when the organization train or send awareness emails, or posters.

correct answer is D: Employee training, risk management, and data handling procedures and policies could be characterized as Administrative Security Measures.

It's preventative

A is correct as it is a type. B and D is the same thing.

D, procedure is the keywords

the keyword is "type" - so the correct Anwser is A Preventative see Study Guide Figure 2.4 and following sites

Employee training, risk management, and data handling procedures and policies could be characterized as: D. Administrative These measures focus on managing and controlling security aspects within an organization, such as establishing policies, procedures, and training to ensure that security practices are followed and that risks are managed effectively.

D. Administrative........employee training can make it seem like A is the correct answer but all the other activities mentioned are administrative controls and Employee training can also fall under that categroy making D. Administrative the best answer.

NOT A. Preventative controls are a category (like technical, physical, or administrative) but the question asks for the type of control, not its function.

Administrative security measures involve the policies, procedures, and practices that govern how an organization manages and protects its information and systems. This includes employee training, risk management processes, and data handling procedures, all of which are aimed at ensuring the security of the organization through proper management practices and governance.