Marty wants to deploy a corrective control to deal with a recently compromised system. Which of the following would be considered a corrective control?

Corrective controls attempt to remediate security issues that have already occurred. Patching the flaw that allowed an attack to succeed is an example of a corrective control. Deploying full-disk encryption or an EDR tool are both examples of preventive controls, and logging and log monitoring are examples of detective controls. It is important to note that in many cases, controls could be identified as multiple potential control types. In cases where controls might fit multiple control types, you should look for the control that is most obviously the correct control type.