A cybersecurity analyst report should contain minimum password requirements and policies and procedures. These are examples that are included in which control category?
- technical
- administrative
- operational
- physical
|
Explanation & Hint: During a penetration testing engagement, the cybersecurity analyst should analyze the findings and recommend the appropriate remediation within the report, including technical, administrative, operational, and physical controls. Administrative controls are policies, rules, or training designed and implemented to reduce risk and improve safety. Examples of administrative controls are role-based access control (RBAC), secure software development life cycle, minimum password requirements, and policies and procedures. |