Which type of control is concerned with restoring controls?

A.
Compensating controls

B.
Corrective controls

C.
Detective controls

D.
Preventive controls

Explanation:
Corrective controls are used to restore systems after an incident has occurred.
The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and
compensating.
The six different control functionalities are as follows:
Deterrent: Intended to discourage a potential attacker
Preventive: Intended to avoid an incident from occurring
Corrective: Fixes components or systems after an incident has occurred
Recovery: Intended to bring the environment back to regular operations
Detective: Helps identify an incident’s activities and potentially an intruder
Compensating: Controls that provide an alternative measure of control
Incorrect Answers:
A: Compensating controls provide an alternative measure of control. They are not used to restore systems after
an incident.
C: Detective controls are used to discover harmful occurrences. They are not used to restore systems after an
incident.
D: Preventive controls are used to avoid an incident from occurring. They are not used to restore systems after
an incident.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 30