Certificate of Cloud Auditing Knowledge (CCAK) — Question 64

Which of the following is an example of a corrective control?

Answer options

• A. A central anti-virus system installing the latest signature files before allowing a connection to the network
• B. Unsuccessful access attempts being automatically logged for investigation
• C. Privileged access to critical information systems requiring a second factor of authentication using soft token
• D. All new employees having standard access rights until their manager approves privileged rights

Correct answer: B

Explanation

The correct answer is B because corrective controls are actions taken to rectify issues after they have occurred, such as logging unsuccessful access attempts for future analysis. The other options represent preventive controls (A and C) or administrative controls (D) that are not specifically aimed at correcting problems after they arise.