CompTIA Security Plus Mock Test Q222

A company that has a mandatory vacation policy has implemented which of the following controls?

A. Risk control
B. Privacy control
C. Technical control
D. Physical control

Correct Answer: A
Section: Compliance and Operational Security

Risk mitigation is done anytime you take steps to reduce risks. Thus mandatory vacation implementation is done as a risk control measure because it is a step that is taken as risk mitigation.

Incorrect Answers:
B: Privacy control is carried out to protect the sanctity of data privacy.
C: Technical controls involves aspects such as Identification and Authentication; Access Control, Audit and Accountability as well as System and Communication Protection, not
mandatory vacation implementation.
D: Physical control is a part of operational control type.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 25