Which of the following is an example of a corrective control?

Corrective controls are designed to identify and rectify issues that have already occurred and to restore systems to a state of normal functioning after an incident has taken place. In this context, the removal of antivirus software can be seen as a corrective measure. If malware or a security breach is detected on a system, removing the compromised antivirus software is a direct response aimed at correcting an existing security issue and preventing further breaches.

In contrast, system performance reviews focus on assessing the efficiency and effectiveness of a system, which is more about monitoring and preventive measures rather than correcting a problem that has already arisen. Data backup verification is part of a preventive strategy ensuring that backups are functioning correctly, whereas process validation typically ensures that procedures are in place and operating as intended, which again leans more towards prevention rather than correction.

Understanding these distinctions is critical for recognizing the role of various types of controls in an information systems environment.