Detective controls are designed to identify and record unauthorized activities or access within a system or network. Intrusion Detection Systems (IDS) are a perfect example of detective controls since their main purpose is to detect potential security breaches, log security events, and alert systems or network administrators. While firewalls are used for prevention, and security policies guide user behavior, they are not primarily used to detect unauthorized activities.