Certified in Risk and Information Systems Control (CRISC) — Question 340

Implementing which of the following controls would BEST reduce the impact of a vulnerability that has been exploited?

Answer options

• A. Preventive control
• B. Deterrent control
• C. Corrective control
• D. Detective control

Correct answer: C

Explanation

Corrective controls are designed to fix or mitigate the damage caused by an exploited vulnerability, making them the best choice for reducing impact. Preventive controls aim to stop vulnerabilities from being exploited in the first place, while deterrent controls aim to discourage attacks; neither of these directly addresses the aftermath of an exploit. Detective controls help identify incidents but do not mitigate their impact.