Certified in Risk and Information Systems Control (CRISC) — Question 80

Which of the following is a detective control?

Answer options

• A. Limit check
• B. Access control software
• C. Periodic access review
• D. Rerun procedures

Correct answer: C

Explanation

The correct answer is C, as a periodic access review is designed to detect unauthorized access or changes within a system. Options A, B, and D are examples of preventive controls, which are intended to stop issues before they occur, rather than detect them after the fact.