Exam SY0-701 topic 1 question 27 discussion

D. Preventive AUP is pretty obviously trying to prevent things from happening. It's not A. Detective because it doesn't detect anything. It's a policy. It's not B. Compensating because it isn't making up for any other policy included in the question. It's not C. Corrective because it doesn't correct anything on it's own, it's simply a policy that is to be followed. So it could only be D. Preventive, as it prevents people from doing things that might compromise the network.

An acceptable use policy best represents: D. Preventive An acceptable use policy is designed to prevent security incidents by defining the acceptable and unacceptable behaviors and actions for users within an organization. By setting clear guidelines and expectations, it aims to prevent misuse and ensure that users adhere to security protocols, thereby reducing the risk of security breaches.

An Acceptable Use Policy sets guidelines and rules for how users should behave when using an organization's network, devices, and other resources. It is preventive in nature because it aims to prevent improper behavior and reduce the likelihood of security incidents before they occur by clearly defining acceptable and unacceptable actions. Preventive controls aim to deter security violations or unwanted behaviors from happening in the first place. AUPs prevent misuse of resources by setting clear boundaries on what is and isn’t allowed, such as restrictions on accessing certain websites or using unauthorized software.

I find myself wondering if the actual exam uses "Directive" as A instead of Detective. Jason Dion's course actually used AUP as it's example of a Directive Control: Directive Controls - Often rooted in policy or documentation and set the standards for behavior within an org. Ex. Acceptable Use Policies (AUPs). Guides the entire process.

An acceptable use policy serves as a preventive measure by clearly outlining what constitutes acceptable and unacceptable behavior. This deters employees from engaging in activities that could lead to security breaches or misuse of resources. Education: By educating users about proper usage and potential consequences of violations, the policy reduces the likelihood of accidental or intentional security incidents. Legal and Compliance: AUPs also help establish a legal framework for acceptable use, which can prevent legal liabilities and ensure compliance with regulatory requirements. Why it is is the best choice: The primary goal of an AUP is to prevent misuse of IT resources by setting clear expectations and guidelines. By defining what is acceptable, the policy acts as a preventive control, helping to mitigate risks before they materialize.

Acceptable Use Policy (AUP) is a preventive security control type. AUP is a document that outlines the do's and don'ts for users when interacting with an organization's IT systems and resources and defines appropriate and prohibited use of IT systems/resources as a preventive security control.

By restricting access to the administrator console to just the IT manager and the help desk lead, the IT manager is implementing least privilege. This ensures that only those who need elevated access for their roles can use administrative functions, reducing the risk of unauthorized changes or misuse.

Policies are usually a type of preventive admin control.

its clearly D

It's impossible for a policy to be a detective, corrective, or preventative control as a policy CANNOT stop/prevent, or detect any attack in any way. It has to be B

AUP = lets user know what is acceptable and allowed to prevent them from performing certain activity

preventive - an acceptable use policy enforces rules to users to use company resources. example - company A states that in order to access files in the company server you must connect to your company VPN when working from home. This prevents you from connecting from an insecure network.