Certified Information Systems Auditor (CISA) — Question 1198
An organization requires the use of a key card to enter its data center. Recently, a control was implemented that requires biometric authentication for each employee. Which type of control has been added?
Answer options
- A. Compensating
- B. Corrective
- C. Detective
- D. Preventive
Correct answer: D
Explanation
The newly implemented biometric authentication acts as a Preventive control, as it is designed to stop unauthorized access before it occurs. Compensating controls provide alternative measures when primary controls are not feasible, while Corrective controls address issues after they have occurred, and Detective controls identify breaches after they happen. Therefore, the other options do not accurately describe the purpose of the biometric authentication.