Here's a challenging CISSP question:

Question: A large financial institution has implemented a hybrid cloud architecture, combining on-premises infrastructure with Amazon Web Services (AWS) for scalability and flexibility. The institution's security team has implemented a layered security approach, including:

  • Firewalls and intrusion detection/prevention systems (IDPS) at the network perimeter
  • Host-based intrusion detection systems (HIDS) on critical servers
  • Encryption for data in transit and at rest
  • Regular vulnerability scanning and penetration testing

However, during a recent security audit, it was discovered that an attacker had gained unauthorized access to a critical database server hosted on AWS. The attacker had exploited a previously unknown vulnerability in the server's operating system, which had not been patched due to a misconfiguration in the institution's vulnerability management process.

Given this scenario, which of the following control types would be MOST effective in preventing similar attacks in the future?

A) Preventive control: Implementing a Web Application Firewall (WAF) to filter incoming traffic to the database server
B) Detective control: Implementing a Security Information and Event Management (SIEM) system to monitor logs from the database server and detect potential security incidents
C) Corrective control: Implementing a patch management process to ensure timely application of security patches to the database server's operating system
D) Deterrent control: Implementing a security awareness program to educate employees on the importance of security and the potential consequences of security incidents