Exam CISA topic 1 question 941 discussion

The processes developed to recover critical files in the event of a ransomware attack represent a type of control known as: B. Detective Detective controls are designed to detect and respond to security incidents or events after they have occurred. In this case, the recovery processes are activated after a ransomware attack has already taken place to detect and mitigate the impact by recovering critical file

Should be A as its the process to recover the files. Recovery is corrective control.

A : Corrective

answer is A

The processes developed by the organization to recover critical files in the event of a ransomware attack represent a compensating control. Compensating controls are alternative controls put in place to address a residual risk after the implementation of preventive or detective controls has not reduced the risk to an acceptable level. In this case, the organization has implemented processes to recover critical files in the event of a ransomware attack as a way of mitigating the risk of data loss in the event of a successful attack. While the ideal situation would be to prevent the attack from occurring in the first place through the implementation of preventive controls (e.g. anti-virus software, firewalls, etc.), the compensating control provides a backup plan to minimize the impact of the attack if it does occur. This type of control is often used when the cost or complexity of implementing preventive controls is high or when the likelihood of the risk event is low.

answer is A

A. Corrective

This is a corrective control

Tenis is corective control