A security team is considering implementing a control to prevent unauthorized access to a critical database. Which type of control is most appropriate for this objective?
Trap 1: Corrective control
Corrective controls remedy an incident after it has happened.
Trap 2: Detective control
Detective controls identify incidents after they occur, not prevent them.
Trap 3: Directive control
Directive controls guide behavior through policies, but do not actively prevent access.
- A
Corrective control
Why wrong: Corrective controls remedy an incident after it has happened.
- B
Preventive control
Preventive controls are designed to stop an incident from occurring.
- C
Detective control
Why wrong: Detective controls identify incidents after they occur, not prevent them.
- D
Directive control
Why wrong: Directive controls guide behavior through policies, but do not actively prevent access.