Describe the difference between preventative, detective, and corrective controls with an example for each.

The main idea here is understanding how controls are categorized by what they do: prevent, detect, or correct. Preventative controls aim to stop an incident before it happens. They set up barriers or rules so unauthorized access or actions can’t occur, such as access controls, strong authentication, or network segmentation. Detective controls, on the other hand, are about noticing that something has already happened so you can respond quickly. They monitor systems and networks to identify signs of compromise, like intrusion detection systems, security logs, or continuous monitoring tools. Corrective controls come into play after an incident to restore operations and reduce impact, such as restoring data from backups, applying patches to fix vulnerabilities, and executing disaster recovery plans. Together, these three types form a layered approach: prevention reduces the chance of an incident, detection helps you catch what slips through, and correction helps you recover and prevent recurrence. Some of the other options mix up these roles or rely on unrelated concepts. For example, claiming detective controls prevent incidents confuses the purpose of detection with prevention. Saying corrective controls create new incidents misstates their goal of recovery and mitigation. Linking preventative controls to legal compliance or seeing detective work as auditing shifts the focus from functional roles to activities, which isn’t the same as describing how prevention, detection, and correction operate. Saying preventative controls are optional or that detective are the same as preventative also mischaracterizes their distinct functions.