Which statement correctly differentiates preventive, detective, and corrective controls?

• A. Preventive stops incidents; Detective detects; Corrective restores from incidents
• B. Preventive detects; Detective prevents; Corrective delays response
• C. Preventive restores data; Detective encrypts; Corrective monitors
• D. Preventive ignores risk; Detective delays; Corrective prevents

Answer: (A)

Preventive, detective, and corrective controls describe how to manage risk across a system. Preventive controls are built to stop incidents before they happen, such as access controls, authentication, firewalls, and secure configurations. Detective controls are focused on identifying incidents as they occur or after the fact, through monitoring, logging, and intrusion detection. Corrective controls are about restoring normal operations after an incident, which includes backups, recovery procedures, and patches that fix the underlying issue.

This framing matches the statement well: preventive stops incidents, detective detects, and corrective restores from incidents. The other descriptions mix up these roles—detective actions aren’t preventive, corrective actions aren’t about delaying a response, and preventive actions aren’t about restoring data or encrypting.