What role does a firewall play when it discards traffic from an identified malicious IP address?

A firewall serves as a preventive control when it discards traffic from an identified malicious IP address. The primary function of a firewall is to monitor and filter network traffic based on predetermined security rules. By actively rejecting or blocking traffic from sources classified as malicious, the firewall prevents threats from entering the network, thereby safeguarding the internal network and its systems from potential harm.

The essence of a preventive control lies in its ability to stop incidents from occurring before they can have an impact. In this case, blocking traffic from a known malicious IP address effectively halts any attempts at unauthorized access, malware dissemination, or other malicious activities, thus maintaining the network's integrity and security.

This proactive approach contrasts with other types of controls, such as corrective control, which is enacted after an incident has occurred to mitigate its effects, or detective control, which focuses on identifying and reporting anomalies within the network. The reconfigurable control isn't a standard term used in security practices, further supporting the choice of preventive control as the optimal answer in this context.