Exam 712-50 topic 1 question 262 discussion

NIST Special Publication 800-53: NIST defines corrective security controls as measures that are implemented to correct the impact of a security incident or vulnerability. In this case, dynamically blocking offending IP addresses after they are identified as threats serves to mitigate and correct the situation by preventing further malicious activity from those addresses (NIST, 2020). SANS Institute: The SANS Institute describes corrective controls as actions taken to eliminate or reduce the impact of an identified issue. Blocking IP addresses dynamically after detecting suspicious activity fits this description, as it aims to rectify the situation and prevent recurrence (SANS, 2021).

The CCISO all-in one exam page 74 has IPS's in Corrective and Preventative. Since Detective and Preventive or 2 different controls, A is wrong because there is no such controls as a "Preventative detection control" per the book EXAM TIP A control can be associated with more than one control functionality. For example, an IPS could be considered both preventive and corrective and fencing could be considered both....

Answer is B. CCISO book in Domain 2 on page 105 specifies IPS as a corrective control because it can terminate unauthorized sessions or take other action to stop an attack and restore services. Corrective controls include any measures taken to repair damage or restore resources and capabilities.

COSO PDC Defense-in-Depth ModeL, ips=dynamically block. If we have a look to correctdive controls on COSO PDC, it says that IPS is a corrective control .

It's A not B.