An organization requires a security control that verifies an ongoing network communication for signs of anomalous activities and alerts administrators if suspicious traffic patterns are detected. Which type of control aligns BEST with these requirements?
Detective controls are the BEST fit. They are designed to identify and alert when security incidents occur or anomalies are detected, which includes monitoring network communications for suspicious traffic patterns; a network intrusion detection system (IDS) that inspects traffic and raises an alert without blocking it is the classic example. Preventive controls, as their name implies, aim to stop incidents from occurring (a firewall rule or an IPS that drops traffic), but they are not defined by alerting administrators. Corrective controls are actions taken to repair damage or restore systems after a security event, not to detect it. Deterrent controls aim to discourage potential attackers (warning banners, visible cameras) and are not designed to detect anomalies within network communications.
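To make the distinction concrete, here is an added example (not part of the original question or explanation) of a minimal detective control in Python. It reads constructed connection-log lines in a hypothetical `timestamp source destination:port` format, flags any source that contacts many distinct ports on one destination within a short window (a port-scan pattern), and returns alerts for an administrator. It deliberately never blocks anything; adding a drop action would turn it into a preventive control. The threshold and window values are assumptions chosen for the sample data.

```python
"""Minimal detective control: alert on port-scan-like traffic, never block.

Added example; the log format, hosts, threshold and window are constructed
assumptions, not from any real system or from the original page.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log lines (hypothetical format: "timestamp src dst:port").
# 10.0.0.5 is normal traffic, 10.0.0.9 is a fast scan, 10.0.0.7 is a slow scan.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 192.168.1.10:443
2024-05-01T10:00:03 10.0.0.5 192.168.1.10:443
2024-05-01T10:00:05 10.0.0.5 192.168.1.10:80
2024-05-01T10:00:02 10.0.0.9 192.168.1.10:21
2024-05-01T10:00:02 10.0.0.9 192.168.1.10:22
2024-05-01T10:00:03 10.0.0.9 192.168.1.10:23
2024-05-01T10:00:03 10.0.0.9 192.168.1.10:25
2024-05-01T10:00:04 10.0.0.9 192.168.1.10:80
2024-05-01T10:00:04 10.0.0.9 192.168.1.10:110
2024-05-01T10:00:30 10.0.0.7 192.168.1.10:22
2024-05-01T10:00:45 10.0.0.7 192.168.1.10:23
2024-05-01T10:01:00 10.0.0.7 192.168.1.10:25
2024-05-01T10:01:15 10.0.0.7 192.168.1.10:80
2024-05-01T10:01:30 10.0.0.7 192.168.1.10:110
"""


@dataclass(frozen=True)
class Alert:
    """What the control hands to an administrator: who, where, how many ports, when."""
    source: str
    destination: str
    distinct_ports: int
    first_seen: datetime
    last_seen: datetime


def parse_line(line: str):
    """Parse one constructed log line into (timestamp, src, dst, port)."""
    ts, src, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_port_scans(log_text: str, threshold: int = 5, window_seconds: int = 10):
    """Return one Alert per (src, dst) pair that touches >= threshold distinct
    ports within any window_seconds span. Detection only: nothing is dropped."""
    per_pair = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            per_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), hits in per_pair.items():
        hits.sort()                      # process events in time order
        recent = deque()                 # sliding window of (ts, port)
        for ts, port in hits:
            recent.append((ts, port))
            # Evict events that fell out of the window.
            while (ts - recent[0][0]).total_seconds() > window_seconds:
                recent.popleft()
            distinct = {p for _, p in recent}
            if len(distinct) >= threshold:
                alerts.append(Alert(src, dst, len(distinct), recent[0][0], ts))
                break                    # one alert per pair is enough for an operator
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_LOG):
        print(f"ALERT {a.source} -> {a.destination}: {a.distinct_ports} ports "
              f"between {a.first_seen.isoformat()} and {a.last_seen.isoformat()}")
```

Run as-is, the control alerts on 10.0.0.9 (five distinct ports within two seconds) and stays silent on 10.0.0.7, whose probes are 15 seconds apart. That silence is the practitioner's caveat: a detective control only sees what its rule is tuned to see, and a slow scan evades a short window. Widening `window_seconds` catches it, at the cost of more state and more false positives on busy hosts.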