Which category of access control is designed to prevent an attack from happening?

The category of access control designed to prevent an attack from occurring is preventative access control. This type of control aims to reduce the likelihood of security breaches or incidents before they happen by implementing measures that restrict unauthorized access or make it difficult for potential attackers to succeed in their attempts. Examples of preventative controls include firewalls that block unauthorized traffic, encryption that secures data, and security policies that govern user access and behavior.

In contrast, other categories serve different purposes. Detective controls are intended to identify and respond to incidents once they have occurred, such as intrusion detection systems that alert security personnel to potential breaches. Corrective controls focus on remedying issues that have already happened, such as restoring data from backups after a data breach. Deterrent controls are meant to deter potential attackers through the threat of consequences or penalties, such as security signage or monitoring surveillance cameras. Each category plays a specific role in a comprehensive security strategy, but preventative controls are distinct in their proactive approach to stopping attacks before they can take place.