CompTIA Security+ (SY0-701) — Question 135

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Answer options

• A. Compensating
• B. Detective
• C. Preventive
• D. Corrective

Correct answer: B

Explanation

The correct answer is B, Detective controls are designed to identify and monitor events, such as reviewing log files after an incident. Options A, C, and D represent different control types: Compensating controls provide alternative measures, Preventive controls aim to stop incidents before they occur, and Corrective controls are used to restore systems after an incident.