Directive Controls

5 minutes 5 Questions

Directive controls are defined procedures, guidelines, or other written instructions that mandate specific actions to manage security risks. These controls help guide an organization's security efforts and establish the foundation for other security controls. A directive control can include policie…

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

A company recently experienced a security breach. The management decides to implement stronger security measures. Which of the following is an example of a Directive Control to ensure employees adhere to the new security policies?

Biometric access Installing a firewall Security camera surveillance Mandatory security awareness training

Correct Answer: Mandatory security awareness training

Directive Controls are management-oriented and focus on educating users about security policies and procedures. Mandatory security awareness training helps ensure employees understand and follow security policies, while the other options are examples of preventive, detective, and technical controls.

Question 2

A manufacturing organization needs to enforce safety guidelines to reduce accidents in the workplace. Which Directive Control would be effective in this scenario?

Deploying a security information and event management (SIEM) system Mandatory safety training for all employees Implementing access control based on job roles Installing security cameras throughout the facility

Correct Answer: Mandatory safety training for all employees

Directive Controls involve educating users on policies and procedures. Mandatory safety training for all employees ensures that they are aware of and comply with safety guidelines. All other options are examples of preventive, detective, and technical controls.

Question 3

A company implements a Directive Control to increase employee awareness of security policies. Which of the following control would be the best choice?

Logging all user activity Encryption of all sensitive data Implementation of a network intrusion prevention system Regular security policy discussion sessions

Correct Answer: Regular security policy discussion sessions

Directive Controls focus on educating users about security policies and procedures. Regular security policy discussion sessions enable employees to understand and follow security policies better. The other options are examples of preventive, detective, and technical controls.

Join the Elite: Pass Your CISSP

4,400+ questions across all 8 CBK domains

Directive Controls

Comprehensive Guide: Understanding and Implementing Directive Controls

CISSP - Directive Controls Example Questions

Question 1

Question 2

Question 3

Join the Elite: Pass Your CISSP