Question 20 - ISC2 CC Certified in Cybersecurity Real Exam Questions [Jan 2026 Update]

Q: 20

Which of the following is an example of a technical security control?

Options

Correct Answer:

Explanation

Security controls are categorized into three main types: administrative, technical, and physical. Technical controls are safeguards implemented and executed by a computer system through hardware, software, or firmware. A Closed-Circuit Television (CCTV) system is a technological system composed of hardware (cameras, recorders) and software used to monitor and record activity, thereby functioning as a technical control. In contrast, administrative controls are based on policies, procedures, and training, which manage human behavior. Options A, B, and D all represent administrative controls, as they are policies or training programs, not technological systems.

Why Incorrect

A. Establishing an acceptable usage policy is an administrative control that defines rules for users; it is a document, not a technology.

B. Conducting user security awareness training is an administrative control focused on educating personnel and influencing behavior.

D. Establishing a BYOD policy is an administrative control that sets guidelines and procedures for using personal devices.

References

1. National Institute of Standards and Technology (NIST). (2017). Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations. Section 2.2

"Control Structure

" categorizes controls into Management

Operational

and Technical classes. The Physical and Environmental Protection (PE) family

which includes video surveillance (PE-6)

contains numerous technical implementations.

2. National Institute of Standards and Technology (NIST). (2017). Special Publication 800-12 Revision 1: An Introduction to Information Security. Section 4.2

"Security Controls

" defines technical controls as those "primarily implemented and executed by the information system through mechanisms contained in the hardware

software

or firmware components of the system." This definition encompasses a CCTV system.

3. (ISC)². (2022). CC Certified in Cybersecurity Official Study Guide. Chapter 2

"Incident Response

Business Continuity and Disaster Recovery

" p. 45. This source defines administrative controls as including "policies

procedures

standards

and guidelines" and "awareness and training

" which directly corresponds to options A

and D.

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE