Examples of detective controls do NOT typically include:

Detective controls are designed to identify and detect undesirable events after they have occurred, allowing an organization to react appropriately. In this context, regular data backups are not considered a detective control; rather, they are preventive in nature. The primary purpose of backups is to safeguard data by ensuring that it can be restored in the event of loss, corruption, or disaster.

On the other hand, log analysis, antivirus software monitoring, and network monitoring tools all actively look for signs of security incidents or irregularities in the system. These tools analyze data or network traffic to detect unauthorized access, malware, or other security breaches, making them key components of a detective control framework. Thus, identifying regular data backups as not fitting within the category of detective controls is accurate, as their function is primarily focused on prevention and recovery rather than detection.