Which type of control offers preventive capabilities by removing elements often exploited by an adversary and is considered a technical, not physical, control?

The correct answer is hardening, as it refers to the process of securing a system by reducing its surface of vulnerability, thereby removing or minimizing the elements that adversaries might exploit. This can include techniques like applying security patches, configuring settings to close unused ports, disabling unnecessary services, and removing default accounts. These actions strengthen systems against unauthorized access and attacks, making them a proactive preventive control.

In contrast, lighting, cameras, and access logs are primarily physical or procedural controls. While lighting and cameras enhance security by acting as deterrents and monitoring mechanisms, they do not in themselves stop an attack from occurring; they merely help in monitoring or responding after a potential breach. Access logs provide records of system activity, which are useful for auditing and incident response but do not directly remove vulnerabilities in technical systems. Thus, hardening stands out as a technical means of prevention through the elimination of exploitable elements.