Isaca Certified Information Systems Auditor CISA Question # 295 Topic 30 Discussion

CISA Exam Topic 30 Question 295 Discussion:

Question #: 295

Topic #: 30

Visitors to a data center are required to present an ID and pre-approved documents. Which type of control has been implemented?

Administrative control

Preventive control

Corrective control

Detective control

Get Premium CISA Questions

Explanation

Requiring visitors to present identification and pre-approval documents before entering a data center is a preventive control because its purpose is to stop unauthorized access before it occurs. In CISA-style control classification, a preventive control is designed to avoid an incident or reduce the likelihood of an undesirable event. Screening visitors before access is granted is a classic example of prevention.

Option B is correct because the control is applied before access is granted. It is intended to prevent unauthorized individuals from entering the facility. The control does not primarily detect an event after it happens, nor does it correct a problem after occurrence.

Option A is tempting because visitor procedures are often documented in administrative policies, but the question asks for the type of control implemented in this scenario. The specific mechanism described is an entry-screening measure that functions preventively. In exam logic, when asked to choose between functional control types such as preventive, detective, and corrective, the answer should reflect what the control actually does.

Option C is incorrect because a corrective control acts after an incident to restore or remedy conditions. Visitor ID checks do not correct anything after a breach.

Option D is incorrect because a detective control identifies or alerts after or during an event, such as logs, CCTV review, or alarms. Here, the main purpose is to prevent unauthorized access before entry.

So the best answer is B, since requiring ID and pre-approval documents at the entrance is designed to prevent unauthorized physical access to the data center.

References (Official ISACA):

ISACA, Differentiating Key Terms in the Information Security Hierarchy — standards and controls can prescribe required behaviors and control actions.

ISACA Journal, Information Systems Security Audit: An Ontological Framework — supports functional security control categories.

ISACA Journal, IS Audit Basics: Innovation in the IT Audit Process — supports use of standard ISACA terminology in control evaluation.

Actual exam question for Isaca CISA exam by Ember4008 at Apr 2, 2026, 11:00:15 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified Information Systems Auditor CISA Question # 295 Topic 30 Discussion

Isaca Certified Information Systems Auditor CISA Question # 295 Topic 30 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified Information Systems Auditor CISA Question # 295 Topic 30 Discussion

Isaca Certified Information Systems Auditor CISA Question # 295 Topic 30 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval