CV0-003 · Question #18
A company security policy mandates education and training for new employees. The policy must outline acceptable use policies for SaaS applications. Given these requirements, which of the following sec
The correct answer is C. Corrective. Education and training programs correct security knowledge deficiencies in employees, making them a corrective control that addresses identified gaps in awareness and acceptable use behavior.
Question
A company security policy mandates education and training for new employees. The policy must outline acceptable use policies for SaaS applications. Given these requirements, which of the following security controls is BEST suited?
Options
- APreventive
- BDetective
- CCorrective
- DPhysical
How the community answered
(30 responses)- A3% (1)
- B13% (4)
- C77% (23)
- D7% (2)
Why each option
Education and training programs correct security knowledge deficiencies in employees, making them a corrective control that addresses identified gaps in awareness and acceptable use behavior.
Preventive controls such as firewalls or access control lists technically block threats before they occur rather than addressing knowledge or behavioral deficiencies through education.
Detective controls such as SIEM systems or audit logs identify and alert on security incidents after they happen rather than correcting employee knowledge gaps.
Corrective controls address and remediate identified deficiencies or weaknesses in a process or system. Security education and training corrects the lack of employee knowledge about acceptable use policies for SaaS applications, thereby reducing the risk of user-driven security incidents. This differs from preventive controls because training responds to a recognized knowledge gap rather than proactively blocking a specific technical threat vector.
Physical controls involve tangible security mechanisms such as locks, fences, or surveillance cameras and do not apply to policy education or training programs.
Concept tested: Classifying security controls by functional type
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.