nerdexam
CompTIA

CV0-003 · Question #18

A company security policy mandates education and training for new employees. The policy must outline acceptable use policies for SaaS applications. Given these requirements, which of the following sec

The correct answer is C. Corrective. Education and training programs correct security knowledge deficiencies in employees, making them a corrective control that addresses identified gaps in awareness and acceptable use behavior.

Security

Question

A company security policy mandates education and training for new employees. The policy must outline acceptable use policies for SaaS applications. Given these requirements, which of the following security controls is BEST suited?

Options

  • APreventive
  • BDetective
  • CCorrective
  • DPhysical

How the community answered

(30 responses)
  • A
    3% (1)
  • B
    13% (4)
  • C
    77% (23)
  • D
    7% (2)

Why each option

Education and training programs correct security knowledge deficiencies in employees, making them a corrective control that addresses identified gaps in awareness and acceptable use behavior.

APreventive

Preventive controls such as firewalls or access control lists technically block threats before they occur rather than addressing knowledge or behavioral deficiencies through education.

BDetective

Detective controls such as SIEM systems or audit logs identify and alert on security incidents after they happen rather than correcting employee knowledge gaps.

CCorrectiveCorrect

Corrective controls address and remediate identified deficiencies or weaknesses in a process or system. Security education and training corrects the lack of employee knowledge about acceptable use policies for SaaS applications, thereby reducing the risk of user-driven security incidents. This differs from preventive controls because training responds to a recognized knowledge gap rather than proactively blocking a specific technical threat vector.

DPhysical

Physical controls involve tangible security mechanisms such as locks, fences, or surveillance cameras and do not apply to policy education or training programs.

Concept tested: Classifying security controls by functional type

Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Topics

#security controls#acceptable use policy#SaaS security#employee training

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice