Which option can be classified as a compensating control to limit damage to a compromised system?

Disabling the compromised system's network adapter is a compensating control that can effectively limit damage caused by a compromised system. This action restricts the system's ability to communicate with external networks, reducing the potential for further spread of malicious activity, data exfiltration, or communication with command-and-control servers. By severing network connectivity, the system remains isolated, allowing incident response teams to investigate and remediate the issue without the risk of additional harm.

The other options do not serve as effective compensating controls in this context. Deleting system files may not address the root cause of compromise and can lead to data loss or system instability. Physically removing the compromised system from the network could also disrupt legitimate operations and may not always be practical. Shutting down the entire network is an extreme measure that would affect all users and services on that network, rather than isolating just the compromised system. Disabling the network adapter specifically targets the threat while minimizing disruption, making it the most appropriate compensating control in this scenario.