Security Controls Explained — Categories vs Types (Sec+ SY0-701 1.1)

May 5, 2026
17:16

Master CompTIA Security+ SY0-701 Objective 1.1 — Compare and Contrast Various Types of Security Controls. Domain 1 weighs 12 percent of the exam, and 1.1 is the foundation every other domain rests on. Every security control wears two hats — a category (where the control lives) and a type (what it does functionally). Get one and miss the other, and the exam scores you half-credit. Today we fix that.

This lesson walks the full dual-axis matrix: the four categories (Technical, Managerial, Operational, Physical), the six types (Preventive, Deterrent, Detective, Corrective, Compensating, Directive), and the language traps the exam loves. The classic IDS-vs-IPS distinction. The camera that wears three hats at once. The compensating-control language cues that signal the right answer in the question stem.

📚 WHAT YOU'LL LEARN

✅ The dual-axis framing — every control has BOTH category AND type
✅ The 4 categories — Technical · Managerial · Operational · Physical
✅ The 6 types — Preventive, Deterrent, Detective, Corrective, Compensating, Directive
✅ IDS vs IPS — the classic exam trap (D for Detect · P for Prevent)
✅ Why a security camera is Physical + Detective + Deterrent (3 hats)
✅ When compensating controls apply — "cannot patch" / "legacy system" cues
✅ Directive controls — pure behavior — AUP, HIPAA, password policies
✅ Real controls walked through both axes for exam-style answers
✅ Exam-stem language cues that map to specific control types

⏱ CHAPTERS

00:00 Intro
00:10 LIVE BRIEF · COLD OPEN
01:03 THE FRAMING · MEMORIZE THIS COLD
02:57 AXIS 1 · CATEGORIES · 4 OF THEM
06:15 AXIS 2 · TYPES · 6 OF THEM (PART 1)
07:47 AXIS 2 · TYPES · 6 OF THEM (PART 2)
09:42 EXAM TRAP · CLASSIC
02:08 THE CANONICAL EXAMPLE
10:38 THE WORKAROUND CONTROL
13:30 DIRECTIVE · PURELY BEHAVIORAL
11:31 PUTTING IT TOGETHER · CATEGORY × TYPE
12:28 EXAM TRAPS · MEMORIZE THESE PATTERNS
15:18 QUICK RECAP · YOUR EXAM CHECKLIST

0:00 Introduction — the auditor and the camera
1:00 The dual-axis framing — two hats on every control
2:30 The 4 categories explained
4:30 Types part 1 — Preventive, Deterrent, Detective
6:30 Types part 2 — Corrective, Compensating, Directive
8:30 IDS vs IPS — the classic exam trap
10:00 The camera example — 3 hats at once
11:30 Compensating controls — when the primary can't be done
13:00 Directive controls — pure behavior
14:00 Real controls walked through both axes
15:30 Exam-stem language cues
16:30 Recap — five things to memorize cold
17:00 Up next — Objective 1.2 Fundamentals

🎯 EXAM QUICK REFERENCE

THE 2 AXES (the framing)
• Category — where the control lives / who implements it
• Type — what the control does functionally

THE 4 CATEGORIES
• Technical — implemented by tech (firewalls, MFA, encryption, ACLs)
• Managerial — implemented by policy (risk assessments, awareness training, audits)
• Operational — implemented by people (guards, SOPs, separation of duties)
• Physical — tangible real-world (locks, fences, cameras, badges, lighting)

THE 6 TYPES
• Preventive — stops the threat before it lands
• Deterrent — discourages the attempt (signs, visible guards, lights)
• Detective — identifies after the fact (IDS, SIEM, audit logs, cameras)
• Corrective — fixes after an incident (backup restore, reimage, patch)
• Compensating — substitute when primary cannot be implemented
• Directive — instructs human behavior (AUP, policy, regulation)

IDS vs IPS (memorize cold)
• IDS — Detective — out-of-band — alerts after detection
• IPS — Preventive — inline — drops malicious traffic
• Mnemonic: IDS = D for Detect / IPS = P for Prevent

CAMERA = 3 HATS
• Physical (always) — it's a real device
• Detective — it records footage for forensics
• Deterrent — it discourages attempts when visible

COMPENSATING CONTROL CUES (in question stems)
• "cannot be patched" / "legacy system" / "workaround"
• "MFA cannot be deployed" / "primary control not feasible"
• Answer: alternative control like increased monitoring or segmentation

DIRECTIVE CONTROL CUES
• Anything that mandates human behavior — policy, regulation, law
• AUP, HIPAA, GDPR, PCI-DSS, password policies, training requirements

EXAM TRAP — answer BOTH axes
• If asked "what category and type", always answer both
• Example: bollard at the loading dock = Physical (category) + Preventive (type)

🔗 Full Security+ SY0-701 course: https://secplus.it-learn.io

▶ SUBSCRIBE for the rest of the series — every objective, every domain.
▶ COMING NEXT: Objective 1.2 — Fundamentals (CIA, AAA, non-repudiation)
