After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Compensating controls are alternative measures implemented to satisfy security requirements when primary controls cannot be used. They do not actively detect security incidents but rather provide a workaround to mitigate risks. In this case, reviewing log files does not align with the definition of compensating controls, as it directly relates to identifying security issues rather than providing an alternative measure.

Preventive controls are designed to stop security incidents before they occur, such as firewalls or access controls. While these controls are essential for overall security posture, they do not involve the review of log files for identifying past incidents. Hence, this choice does not accurately represent the action taken by the administrator.

Corrective controls are actions taken to address security incidents after they have been detected, aiming to restore systems or mitigate damage. While reviewing logs is part of the incident response process, it does not fall under corrective controls since it focuses on detection rather than remediation.