Certified Information Systems Auditor (CISA) — Question 242
Secure code reviews as part of a continuous deployment program are which type of control?
Answer options
- A. Detective
- B. Corrective
- C. Logical
- D. Preventive
Correct answer: D
Explanation
Secure code reviews are aimed at identifying and eliminating vulnerabilities before deployment, making them preventive controls. Detective controls would identify issues after they occur, while corrective controls aim to fix issues after detection. Logical controls are related to access and permissions rather than code review processes.