Certified Incident Handler (ECIH v3) — Question 84

In the Control Analysis stage of the NIST's risk assessment methodology, technical and none technical control methods are classified into two categories. What are these two control categories?

Answer options

• A. Preventive and Detective controls
• B. Detective and Disguised controls
• C. Predictive and Detective controls
• D. Preventive and predictive controls

Correct answer: A

Explanation

The correct answer is A, as preventive controls aim to stop security incidents before they occur, while detective controls identify and alert to incidents that have already happened. Options B and C introduce incorrect terms that do not align with NIST's classification, and option D incorrectly pairs preventive with predictive, which is not recognized as a control category in this context.