Generalization error

A rule that's generally true doesn't fit the specific case in the stem. The trap rewards the generalization and punishes you for not reading the exception.

Most common in
CISSP, Security+, CISM

The Trap in One Sentence

You applied a generally-true rule that doesn't fit the specific case in the stem. The exception in the scenario flipped the answer.

Pairs Candidates Confuse

'Always patch immediately' vs OT/SCADA exception (validate first)

General vs domain-specific

'Encrypt at rest' vs Performance-sensitive workload exception

General vs constraint

How to Avoid It

  • When a stem mentions a specific industry (healthcare, OT, finance), pause and recall its exceptions.
  • If a choice sounds like a slogan ('always do X'), look for a stem signal that contradicts it.

Frequently Asked Questions

How do I recognize a generalization-error trap in an exam question?

Watch for a generally-accepted rule (always patch immediately, always encrypt at rest, always isolate compromised hosts) appearing as a choice while the stem mentions a specific scenario where the rule has a known exception. The trap rewards the slogan-correct answer and punishes you for not reading the exception.

What's the tell-tale stem phrasing that signals this trap?

Industry-specific qualifiers: "OT/SCADA," "life-safety system," "FedRAMP environment," "healthcare clinical system," "air-gapped network." These industries have well-known exceptions to general security best practices (no auto-patch for OT, no shutdown for clinical systems mid-procedure). The qualifier IS the trap signal.

If a generally-true rule and an exception both seem to fit, how do I decide?

Match the qualifier to the industry's known exception. If the stem says "OT cannot be patched immediately," pick segmentation over patching. If it says "Clinical system cannot be isolated mid-procedure," pick compensating controls over containment. If the stem doesn't have a qualifier, the general rule usually wins.

What's a real example of a generalization-error trap?

Stem: "A critical-care ventilator in active clinical use shows signs of compromise. What is the BEST immediate response?" Choices: (a) isolate the device from the network, (b) enable enhanced monitoring while keeping the device online, (c) reimage the device, (d) shut down the device. Healthcare clinical context flips the textbook "isolate first" rule. The answer is (b) — preserving patient safety overrides typical IR containment.

How is generalization-error different from wrong-question-right-answer?

Generalization-error: you applied a generally-true rule that doesn't fit the exception in the stem. Wrong-question-right-answer: your answer is correct for a slightly different stem on the same topic — not necessarily an exception, just the wrong scope of question. Generalization-error is about rules; wrong-question-right-answer is about question scope.

Why do item writers love this distractor mechanism?

It catches candidates who memorized rules without internalizing when they apply. Real security work is exception-driven — half the job is knowing when the textbook answer doesn't fit. Item writers use it to discriminate practitioners from rule-memorizers.

Where does this trap show up most often?

CISSP across most domains (CISSP is built around contextual judgment). CISM for risk-management context. Sec+ in OT/ICS and legacy-system questions. Industry-specific certs (CISA for audit-specific exceptions, GICSP for OT exceptions) feature it heavily because their entire purpose is teaching the exceptions.

How do I deliberately drill against this archetype?

Use the trap drill linked from the section above to focus reps on this pattern. Build a list of "general rule + known exceptions" pairs during study (patch immediately + OT exception; isolate compromised + clinical exception; encrypt at rest + performance exception). The list itself is short — maybe 15-20 pairs — and committing them to memory defuses the archetype.

Practice Against This Trap

14 cert-prep questions currently use this archetype as a distractor. Run a trap drill to face them in a row.
