Certified Information Security Manager (CISM) — Question 201

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Answer options

• A. Deterrent
• B. Detective
• C. Preventive
• D. Corrective

Correct answer: C

Explanation

The correct answer is C, Preventive, as it involves measures taken to avoid potential failures before they occur. Deterrent controls aim to discourage undesirable actions, detective controls focus on identifying incidents after they happen, and corrective controls are used to rectify issues once they have occurred.