Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What are the two categories of control methods classified in the Control Analysis stage of NIST's risk assessment?

Technical and Administrative controls
Preventive and Detective controls
Compensatory and Deterrent controls
Corrective and Physical controls

The correct answer is: Preventive and Detective controls

In the Control Analysis stage of NIST's risk assessment, the distinction between preventive and detective controls is fundamental to understanding how organizations manage risks. Preventive controls are implemented to avoid or mitigate potential threats before they occur. These controls are proactive measures designed to reduce vulnerabilities, such as security policies, training, access controls, and encryption. Detective controls, on the other hand, are designed to identify and alert on incidents that have already occurred or are currently ongoing. These controls include mechanisms such as intrusion detection systems, log monitoring, and security audits, which help in recognizing any breaches or anomalies in real-time. By categorizing controls into preventive and detective, organizations can effectively strategize their risk management approaches, ensuring they not only work to prevent incidents but also have mechanisms in place to detect and respond to any that do occur. This dual approach is critical in building a robust security posture, allowing organizations to minimize the impact of potential threats.