Certified Information Systems Auditor (CISA) — Question 639

Which of the following is an example of a corrective control?

Answer options

• A. Utilizing processes that enforce segmentation of duties
• B. Generating automated batch job failure notifications
• C. Restoring system information from data backups
• D. Employing only qualified personnel to execute tasks

Correct answer: C

Explanation

The correct answer, C, refers to the action of restoring system information from backups, which is a corrective measure taken after a failure or data loss. The other options represent preventive or detective controls rather than corrective actions, as they focus on avoiding issues or monitoring failures rather than addressing them after they have occurred.