Certified Information Systems Security Professional (CISSP) — Question 269

What is considered a compensating control for not having electrical surge protectors installed?

Answer options

• A. Having dual lines to network service providers built to the site
• B. Having a hot disaster recovery (DR) environment for the site
• C. Having network equipment in active-active clusters at the site
• D. Having backup diesel generators installed to the site

Correct answer: B

Explanation

A hot disaster recovery (DR) environment is considered a compensating control because it ensures that operations can continue seamlessly even if there are electrical issues. The other options, while beneficial, do not directly address the lack of surge protection in the same manner as a DR environment does.