Objective 1.1 | High Priority | 5 min read

Security Controls Overview

Introduction to security controls as safeguards designed to reduce risk and protect confidentiality, integrity, and availability. Understanding the dual classification system of categories and control types.

Understanding Security Controls

Security controls are the foundation of any cybersecurity program. They are safeguards or countermeasures designed to protect the confidentiality, integrity, and availability of information systems and the data they contain.

Think of security controls as the locks, alarms, cameras, and guards that protect a building—but for your digital assets. Just as a building might use multiple layers of physical security, organizations implement multiple security controls to create a comprehensive defense strategy.

Why This Matters for the Exam

This concept appears throughout the entire Security+ exam because every security measure you'll study is a type of control. Understanding the classification system helps you:

  • Quickly identify what type of control a question is asking about
  • Recognize gaps in security architectures
  • Recommend appropriate controls for different scenarios
  • Understand why organizations implement multiple overlapping controls

Deep Dive

CompTIA uses a dual classification system for security controls. Every control is classified on two independent axes: its category (how, and by whom, it is implemented) and its type (what function it performs against a threat). Because the axes are independent, any category can be paired with any type:

Control Categories (Implementation)

  • Technical (Logical) — Implemented by hardware or software, such as firewalls, encryption, and access control lists
  • Managerial (Administrative) — Implemented through policies, standards, risk assessments, and planning decisions made by management
  • Operational — Implemented by people carrying out day-to-day procedures, such as guard patrols, backups, and configuration management
  • Physical — Implemented through tangible barriers such as locks, fences, badge readers, and mantraps

Control Types (Function)

  • Preventive — Stops an incident before it occurs (firewall rules, door locks, least-privilege permissions)
  • Detective — Identifies an incident while it is happening or after the fact (IDS alerts, log review, recorded CCTV footage)
  • Corrective — Restores systems or limits damage after an incident (restoring from backup, patching, incident response)
  • Deterrent — Discourages an attacker from attempting an action without physically stopping it (warning signs, visible cameras)
  • Compensating — Provides an alternative safeguard when the primary control cannot be implemented (isolating a system that cannot be patched)
  • Directive — Guides behavior through rules and instructions (acceptable use policy, "authorized personnel only" signage)

How CompTIA Tests This

Example Analysis

A firewall is a technical control (category) that is preventive (type) because it is implemented through technology and drops unauthorized traffic before it enters the network. Note that the same firewall also acts as a detective control if its logs of denied connections are reviewed, which is why a single control can carry more than one type.

A security awareness training program is preventive (type) because it aims to stop incidents by educating users before they make a mistake. Its category depends on what the question emphasizes: the policy that requires every employee to complete annual training is managerial, because it is established by management, while the training activity itself, delivered by people rather than by technology, is generally classified as operational (NIST SP 800-53 Rev. 3 placed its Awareness and Training family in the operational class). Read the question stem carefully to see whether it is describing the mandate or the activity.

Key Terms to Know

security controls, safeguards, risk reduction, CIA triad, defense in depth

Common Mistakes to Avoid

  • Confusing control categories with control types — remember that categories describe HOW/WHO implements a control, and types describe WHAT it does
  • Thinking a control can only be one type — a single control can serve multiple functions (e.g., a camera is both detective AND deterrent)
  • Forgetting that the exam uses "technical" and "logical" interchangeably

Exam Tips

  • When a question describes a control, first identify the category, then the type
  • Look for keywords: "policy" usually means managerial, "software/hardware" means technical, "performed by staff" or "procedure" usually means operational
  • Physical controls are the easiest to identify — if you can touch it, it's physical

Memory Trick

"TMOP" for Categories: Technical, Managerial, Operational, Physical

"PD-CCD" for Types: Preventive, Detective, Corrective, Compensating, Deterrent (plus Directive)

Think: "The Manager Operates Physically" and "Police Detect Criminals, Courts Decide"

Test Your Knowledge

Q1.A company implements a firewall to block unauthorized network traffic. What type of control is this?

Q2.An organization requires all employees to complete annual security awareness training. What category of control is this?

Q3.A security camera records activity in a server room. This camera serves as which types of control? (Select the BEST answer)
