SANS Security's Foundation Test 2025 – 400 Free Practice Questions to Pass the Exam

Controls that aim to detect security breaches are classified specifically as detection controls. These controls are designed to identify and alert the organization to any unauthorized or unexpected activities within a system. Their primary function is to monitor systems, network traffic, and user activities to flag anomalies that may indicate a potential security breach.

Detection controls may include intrusion detection systems (IDS), security information and event management (SIEM) tools, and log monitoring processes. Such measures are crucial as they allow organizations to react swiftly to incidents, minimizing potential damage.

While other types of controls—like preventive and responsive—play significant roles in an organization's security posture, they serve different purposes. Preventive controls are proactive measures designed to stop security breaches before they occur, while responsive controls pertain to actions taken after a breach is detected to mitigate the impact and restore normal operations. Thus, the specific aim of detecting breaches falls squarely on detection controls.