SY0-301 · Question #306
Which of the following can be performed when an element of the company policy cannot be enforced by technical means?
The correct answer is D. User training. When a policy requirement cannot be implemented through automated technical controls (software settings, access controls, firewall rules, etc.), the next best countermeasure is user training and awareness. Educating employees about the policy, the reasons behind it, and the conse
Question
Which of the following can be performed when an element of the company policy cannot be enforced by technical means?
Options
- ADevelop a set of standards
- BSeparation of duties
- CDevelop a privacy policy
- DUser training
How the community answered
(51 responses)- A4% (2)
- C2% (1)
- D94% (48)
Explanation
When a policy requirement cannot be implemented through automated technical controls (software settings, access controls, firewall rules, etc.), the next best countermeasure is user training and awareness. Educating employees about the policy, the reasons behind it, and the consequences of non-compliance creates a human control layer. Developing standards (A) and privacy policies (C) are documentation activities that still require enforcement mechanisms. Separation of duties (B) is an administrative/technical control that divides critical tasks among multiple people - it does not address gaps where technical enforcement is impossible. User training directly compensates for technical gaps by making people aware of and accountable for their behavior.
Topics
Community Discussion
No community discussion yet for this question.