Explanation/Reference:
Explanation:
Preventive controls are concerned with avoiding occurrences of risks.
The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and compensating.
The six different control functionalities are as follows:
Deterrent: Intended to discourage a potential attacker

Preventive: Intended to avoid an incident from occurring

Corrective: Fixes components or systems after an incident has occurred

Recovery: Intended to bring the environment back to regular operations

Detective: Helps identify an incident's activities and potentially an intruder

Compensating: Controls that provide an alternative measure of control

Incorrect Answers:
A: Deterrent controls are intended to discourage a potential attacker. A potential hacker is a risk; however, it is just one type of risk. Preventive controls are concerned with avoiding all risks.
B: Detective controls are used to discover harmful occurrences; not avoid them.
D: Compensating controls provide an alternative measure of control. They are not the primary control type concerned with avoiding occurrences of risks.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 30