CompTIA Security+ (SY0-501) — Question 511

A preventive control differs from a compensating control in that a preventive control is:

Answer options

• A. put in place to mitigate a weakness in a user control.
• B. deployed to supplement an existing control that is EOL.
• C. relied on to address gaps in the existing control structure.
• D. designed to specifically mitigate a risk.

Correct answer: C

Explanation

The correct answer is C because preventive controls are aimed specifically at addressing shortcomings in the existing control system. Options A, B, and D describe different functions of controls but do not capture the primary purpose of a preventive control, which is to directly address gaps in the control structure.