ISC CC - CC - Certified in Cybersecurity

Corrective controls are designed torestore systems to normal operation after a security incident or attack has occurred. Examples include restoring data from backups, reimaging compromised systems, applying patches, and resetting credentials.

Detective controls identify incidents, preventive controls stop incidents, and corrective controls fix the damage. While recovery controls are sometimes mentioned informally, most security frameworks (including NIST) classify restoration activities under corrective controls.

Corrective controls are critical for minimizing downtime and ensuring business resilience following an incident.

Risk identification is a collaborative process that enables awareness, communication, and protection against threats.

Cloud computing is defined by five essential characteristics per NIST: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Therefore, all listed options are valid characteristics.

Security benchmarks define baseline performance and configuration standards against which systems are measured.

Federated authentication enables single identity across trusted organizations, supporting single sign-on (SSO) and eliminating repeated credential entry.

Integrityis the primary factor in system and information reliability. Reliable systems must ensure that data is accurate, complete, and protected from unauthorized modification. If integrity is compromised, decisions based on the data become unreliable—even if systems are available or confidential. NIST and ISO frameworks emphasize integrity as essential to trustworthiness and operational reliability.

DR planning includes technical controls, operational checklists, and security solutions to support recovery of IT systems after a disruption.

An IP address is a logical identifier used to locate and route traffic to devices on a network.

BCPs should be testedroutinely(e.g., tabletop, simulations) to ensure readiness and relevance.

Platform as a Service (PaaS) provides customers with an environment tobuild, deploy, and manage applicationswithout managing underlying infrastructure. PaaS includes operating systems, middleware, runtime environments, and development tools.

SaaS delivers fully managed applications, while IaaS provides raw infrastructure. PaaS best balances flexibility and operational efficiency for software development.