Which type of control is concerned with avoiding occurrences of risks?

A.
Deterrent controls

B.
Detective controls

C.
Preventive controls

D.
Compensating controls

Explanation:
Preventive controls are concerned with avoiding occurrences of risks.
The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and
compensating.
The six different control functionalities are as follows:
Deterrent: Intended to discourage a potential attacker
Preventive: Intended to avoid an incident from occurring
Corrective: Fixes components or systems after an incident has occurred
Recovery: Intended to bring the environment back to regular operations
Detective: Helps identify an incident’s activities and potentially an intruder
Compensating: Controls that provide an alternative measure of control
Incorrect Answers:
A: Deterrent controls are intended to discourage a potential attacker. A potential hacker is a risk; however, it is
just one type of risk. Preventive controls are concerned with avoiding all risks.
B: Detective controls are used to discover harmful occurrences; not avoid them.
D: Compensating controls provide an alternative measure of control. They are not the primary control type
concerned with avoiding occurrences of risks.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 30