What type of access control detects an attack during or after it has occurred?

The type of access control that detects an attack during or after it has occurred is detective access control. This form of access control plays a crucial role in security management by identifying security breaches or suspicious activities after they have happened. Detective controls are designed to monitor systems and alert security personnel about potential threats or security incidents, providing important information for response and analysis.

Detective controls include measures such as intrusion detection systems, log analysis, and security information and event management (SIEM) systems, which continuously observe activities and generate alerts in real time or after the fact. They support an organization’s ability to react to incidents and improve future security measures by analyzing the detected anomalies or breaches.

In contrast, other types of access controls focus on different aspects of security. Preventative controls aim to stop security incidents before they occur, such as implementing firewalls or access control lists. Corrective controls are used to mitigate the impact of an incident after it has been detected and to recovery actions. Recovery controls help organizations restore normal operations and recover compromised systems or data. These distinguishing features highlight why the correct answer revolves around detecting incidents as they happen or after they have taken place.