CompTIA Security+ (SY0-601) — Question 378

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Answer options

• A. Compensating
• B. Detective
• C. Preventive
• D. Corrective

Correct answer: B

Explanation

The correct answer is B, Detective, as reviewing log files is a method to identify and understand incidents after they occur. Compensating controls provide alternative measures, Preventive controls aim to stop incidents before they happen, and Corrective controls are used to fix issues after they arise, none of which directly relate to the act of examining logs.