nerdexam
CompTIA

SY0-301 · Question #306

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

The correct answer is D. User training. When a policy requirement cannot be implemented through automated technical controls (software settings, access controls, firewall rules, etc.), the next best countermeasure is user training and awareness. Educating employees about the policy, the reasons behind it, and the conse

Security program management and oversight

Question

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

Options

  • ADevelop a set of standards
  • BSeparation of duties
  • CDevelop a privacy policy
  • DUser training

How the community answered

(51 responses)
  • A
    4% (2)
  • C
    2% (1)
  • D
    94% (48)

Explanation

When a policy requirement cannot be implemented through automated technical controls (software settings, access controls, firewall rules, etc.), the next best countermeasure is user training and awareness. Educating employees about the policy, the reasons behind it, and the consequences of non-compliance creates a human control layer. Developing standards (A) and privacy policies (C) are documentation activities that still require enforcement mechanisms. Separation of duties (B) is an administrative/technical control that divides critical tasks among multiple people - it does not address gaps where technical enforcement is impossible. User training directly compensates for technical gaps by making people aware of and accountable for their behavior.

Topics

#user training#security policy#administrative controls#compensating controls

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice