CompTIA Security+ (SY0-601) — Question 290

Which of the following control types is patch management classified under?

Answer options

• A. Deterrent
• B. Physical
• C. Corrective
• D. Detective

Correct answer: C

Explanation

Patch management is considered a corrective control because it involves fixing vulnerabilities and issues in software to prevent exploitation. The other options do not apply; deterrent controls aim to discourage incidents, physical controls involve tangible security measures, and detective controls are focused on identifying and reporting incidents after they occur.