Certified Information Systems Auditor (CISA) — Question 227

Which of the following is an example of a preventive control for physical access?

Answer options

• A. Implementing a fingerprint-based access control system for the building
• B. Installing closed-circuit television (CCTV) cameras for all ingress and egress points
• C. Keeping log entries for all visitors to the building
• D. Implementing a centralized logging server to record instances of staff logging into workstations

Correct answer: A

Explanation

The correct answer is A, as a fingerprint-based access control system actively prevents unauthorized access to the building. Options B and C are examples of detective controls, as they monitor activities rather than prevent them, while option D, although related to access, focuses on logging rather than direct prevention of physical access.