Architecture & engineering
⏱ ~3-min readAceMark GuideWhat this topic is really about
Preventive controls actively block unauthorized access.. A firewall is a preventive control because it actively blocks unauthorized network traffic before it can access internal resources.
Combining defense in depth with zero trust requires continuous verification of every access request regardless of origin, coupled with multiple layered security controls. This disproves legacy perimeter models that implicitly trust users once they are inside the internal network.
See the mechanism
A firewall is a preventive control because it blocks unauthorized traffic before it can access internal resources. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
Which is a preventive control?
- Identify what the question tests: Which is a preventive control.
- A firewall is a preventive control because it actively blocks unauthorized network traffic before it can access internal resources.
- In contrast, an Intrusion Detection System (IDS) is a detective control that merely monitors and alerts on suspicious activity rather than preventing it.
- Why it matters: A firewall is a preventive control because it blocks unauthorized traffic before it can access internal resources. This is in contrast to detective controls like IDS, which only monitor and alert on suspicious activity. Preventive controls aim to prevent a security incident from occurring in the first place.
Traps the examiner sets
- Many people confuse preventive controls with detective controls, but preventive controls actively block or prevent access, while detective controls only identify or detect potential security threats.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Architecture & engineering and see it stick.
Practice more of this topic →