Which of the following is an example of a detective control?

A detective control is designed to identify and report unwanted or unauthorized activities after they have occurred. The most fitting example among the choices presented is a Network Intrusion Detection System (NIDS), as its primary function is to monitor network traffic for suspicious activities or policy violations. When an intrusion attempt takes place, the NIDS logs this activity and alerts administrators, thereby detecting potential security issues that would otherwise remain unnoticed.

The other options do not serve as effective examples of detective controls. For instance, firewall configuration focuses on preventing unauthorized access rather than detecting it; therefore, it is categorized as a preventive control. A risk assessment report is more of an analysis to identify potential risks rather than a mechanism to detect incidents after they occur, making it a part of risk management rather than direct detection. Data encryption techniques protect the confidentiality and integrity of data by encoding it, thus preventing unauthorized access, and are also considered preventive controls.

In summary, the Network Intrusion Detection System is fundamentally designed to identify incidents of network security breaches, fulfilling the key characteristics of a detective control.