An IS auditor notes that several of a client’s servers are vulnerable to attack due to open unused ports and protocols. The auditor recommends management implement minimum security requirements. Which type of control has been recommended?
A. Preventive
B. Corrective
C. Directive
D. Compensating
A. Preventive
B. Corrective
C. Directive
D. Compensating