During routine checks, configuration management finds several branch firewalls drifted from the approved baseline because a contractor changed settings locally. An automation job now compares each device nightly and automatically reapplies the approved configuration without waiting for a human ticket. Which control type is the automation?
The automation runs after drift is detected and restores the approved baseline, which means it is correcting the affected system back to a known-good state. It does more than report the problem; it remediates the configuration. That is why the best answer is corrective control rather than detective or preventive control.
Why this answer
The automation job corrects a detected drift by automatically reapplying the approved configuration, which is a classic corrective control. Corrective controls are designed to remediate or reverse an unwanted change or security event after it has been detected. In this scenario, the nightly comparison is detective, but the automatic reapplication is the corrective action.
Exam trap
The trap here is that candidates see 'compares each device nightly' and mistakenly classify the entire process as detective, ignoring that the automatic reapplication is the corrective action that distinguishes the control type.
How to eliminate wrong answers
Option A is wrong because directive controls are policies, standards, or guidelines that define acceptable behavior (e.g., 'firewalls must use the approved baseline'), not automated remediation actions. Option B is wrong because detective controls identify or log a deviation (e.g., the nightly comparison itself), but the automation goes further by actively fixing the drift. Option D is wrong because deterrent controls discourage unwanted behavior through fear of consequences (e.g., warning banners or audit trails), not by automatically correcting configuration changes.