Which of the following is an example of a detective control?

Detective controls are designed to identify unauthorized activity as it happens or after it occurs, so you can investigate and respond quickly. An intrusion detection system fits this role because it continuously analyzes network traffic and system logs to spot suspicious patterns and generate alerts for security staff or automated responses. This is different from preventive controls like a firewall, which blocks traffic to stop incidents before they occur, or patching, which reduces vulnerabilities to prevent exploitation. Backups enable recovery after an incident, serving a corrective or recovery purpose rather than detection. So the intrusion detection system is the example of a detective control.