Detective controls have which purpose?

Prepare for the Internal Auditing Standards and Practices - Cybersecurity Test. Gain confidence with multiple choice questions and clear explanations. Ace your exam!

Multiple Choice

Detective controls have which purpose?

Explanation:
Detective controls exist to identify and reveal activity that deviates from normal operations, either as it happens or after the fact. Their job is to provide visibility into security events so analysts can investigate, contain, and respond. Tools such as SIEM systems, centralized log monitoring, and intrusion detection systems are classic detective controls because they surface indicators of compromise, unusual patterns, or policy violations, generating alerts and evidence for follow-up.

They are not meant to stop events from occurring—that’s the role of preventive controls like firewalls, access controls, and patching. They also don’t restore services after an outage—that function belongs to recovery or corrective controls such as backups and disaster recovery plans. And they don’t restrict access as a preventive measure—that would be an aspect of access control, which aims to prevent unauthorized actions in the first place.

So, detective controls are best described as the mechanisms that identify attacks or incidents during or after they occur, enabling timely investigation and response.
