After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?
Correct Answer: B. Detective
By reviewing the log files after a ransomware attack, the administrator is using a detective control. Detective controls are designed to identify and record potential security incidents, enabling administrators to analyze what happened and potentially trace the source of the issue. Log files are a common example of detective controls, as they help monitor and detect events after they occur.
Explanations for Incorrect Options:
Compensating:
Compensating controls are alternative measures implemented when primary controls are not feasible. For example, if multi-factor authentication isn't available, a compensating control might involve strict monitoring. Reviewing log files after an attack does not fit this category.
Preventive:
Preventive controls are implemented to stop an attack before it occurs (e.g., firewalls, anti-malware software, or access controls). Reviewing log files after an attack is a reactive process, not a preventive measure, so this is incorrect.
Corrective:
Corrective controls are applied after an incident to restore systems to normal operation (e.g., restoring from backups or patching vulnerabilities). While reviewing logs helps analyze the attack, it does not directly correct or restore the system, so this is not the correct answer.