CompTIA Security+ (SY0-601) — Question 847

An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?

Answer options

• A. Compensating
• B. Corrective
• C. Preventive
• D. Detective

Correct answer: D

Explanation

The organization has implemented a Detective control because it focuses on identifying gaps and discrepancies in configurations against established guidelines. Compensating controls provide alternatives to primary controls, Corrective controls aim to fix identified issues, and Preventive controls are designed to stop incidents before they occur, none of which fit the description of comparing existing settings against guidelines.