The correct answer is 'To provide temporary measures when immediate eradication is not feasible.' Compensating controls are alternative measures put in place to temporarily reduce the risk when the ideal remediation action is not immediately possible, ensuring some level of security is maintained in the interim. Implementing a PIR is incorrect as it refers to a Post-Incident Review, which occurs after remediation. Re-establishing baseline is a part of recovery phase to ensure systems are functioning according to the standard configurations, not a part of remediation. Forensic analysis is conducted to understand how an incident occurred and to collect evidence, not as a compensating control during remediation.