Password management could be classified as a:
A.
Compensating control
B.
Detective control
C.
Preventive control
D.
Technical control
Explanation:
Password management is an example of preventive control, preventingunauthorized users from accessing a system.
While password management helps prevents disclosure to unauthorized subject, it is not the most correct answer in this list. Password Management is a technical control.
Here is how I approached the question:
1st process of elimiation, get rid of comp and detective. Leaving preventive and technical.
Passwords at their core are in the ‘primary’ control group of technical (ie administrative, physical, techincal/logical).
But this question was not asking about just passwords, it was asking about password management. If it was just asking which control group passwords fell under, then technical would be correct. password management however is where you are creating rules on password creation, complexity, age, length; where you are preventing the possible discovery of the password by using mechanisms to manage the password. And that is the key to the correct answer.
That in turn makes it a preventive/technical control.
Now they also used the words ‘could’ and ‘classified’. ‘preventive’ is a classification of controls that would fall under under one of the 3 main categories.
Thus making the answer ‘preventive’. With that said, it would of have been better if the answers were pairings, since ‘preventive/technical’ would of have been the truly correct answer.
Yea i agree and go with it :). Answer would be “Preventive”
Don’t rule out Compensating control so fast. This is very possible considering you are compensating for the lack of using the best method of authentication – multi-factor (biometric, token, smart card).
Para hacer honesto solo recuerdo tres tipos de control en la gestión ya antes mencionado (administrativo,técnico o lógico y físico) y para mi la respuesta seria técnico.