Which category includes policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security?

Multiple Choice

Explanation:
Administrative controls focus on governance, policy, and planning that shape how security is implemented. This category covers the rules, procedures, and programs that guide behavior and establish how security is managed across the organization.

Policies, procedures, and standards are the documents that define what must be done and the rules to follow. User education changes how people behave, reducing human-caused risk. Incident response and disaster recovery are prewritten plans for how to detect, respond to, and recover from incidents. Compliance ensures the organization follows laws, regulations, and internal policies. Even physical security fits here when it’s managed through governance and programmatic oversight rather than through hardware alone. Altogether, these elements are about management, oversight, and the overall approach to security.

Technical controls, by contrast, are the actual technologies that enforce security (like encryption, access control mechanisms, and firewalls). Operational controls cover the day-to-day execution and maintenance of security tasks (such as routine monitoring and change management). The items in this set are focused on policy, planning, and governance, which is why they belong to administrative controls.
