Direct from Dion Training's Udemy course:
Managerial Controls - Aka administrative controls. Involve the strategic planning and governance side of security. Ensures that the org’s security strategies align with its business goals and its risk tolerance.
Risk assessments
Security policies
Training programs
Incident response strategies
Operational Controls - Procedures and measures designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions.
Backup procedures
Account reviews
User awareness training programs
AUP = Acceptable Use Policy. Security policies = Managerial Controls.
An AUP (Acceptable Use Policy) is an example of a Managerial control.
Explanation: An AUP outlines the guidelines and expectations for how users should interact with an organization's systems, which falls under the category of management controls as it defines policies and procedures rather than physical security measures or technical implementations.
The best answer is B. Information security policy.
An organization's Software Development Life Cycle (SDLC) often incorporates security considerations throughout each phase—from planning and design to development, testing, and maintenance. Including an information security policy ensures that developers and stakeholders follow consistent security practices, such as secure coding standards, access controls, and data protection requirements.
ChatGPT says D
D. Operational
An Acceptable Use Policy (AUP) is an example of an operational control. It provides guidelines on the proper use of systems, networks, and data. Operational controls are primarily implemented via policies, procedures, and user behavior requirements to reduce risk.
Here’s a quick breakdown of why:
Physical: deals with physical barriers like locks, guards, CCTV.
Managerial: focuses on oversight, risk assessment, and security planning.
Technical: uses technology to enforce security (firewalls, encryption).
Operational: relies on policies, procedures, and day-to-day practices — which is where AUP fits.
An Acceptable Use Policy (AUP) outlines rules and guidelines for acceptable behavior and proper usage of an organization's resources, such as computers, networks, and internet services. It is considered an operational control because it defines day-to-day practices, procedures, and standards that help manage and secure the organization's operations.
From the CompTIA SY0-701 Study Guide - "Managerial controls are administrative in function and documented in security policies. Operational controls are implemented by people who perform the day-to-day operations to comply with an organization's overall security plan."
An Acceptable Use Policy (AUP) is a document or agreement that defines acceptable and unacceptable behaviors when using an organization's resources, such as computers, networks, and data.
It is a managerial control because it involves creating policies, guidelines, and standards to manage and govern the behavior of users within an organization. It does not implement any technical enforcement but instead provides the framework and rules.
An AUP (Acceptable Use Policy) is an example of a Managerial control.
Explanation: An AUP outlines the guidelines and expectations for how users should interact with an organization's systems, which falls under the category of management controls as it defines policies and procedures rather than physical security measures or technical implementations.
Managerial controls tend to be directive, such as policies, hence I am going with B.
Remember that operational controls are driven by people like security guards, more physical in nature.
Many of you are quoting GPT responses. However, you have to offer the correct prompt. As follows: Operational control or managerial control? The choices are managerial or operational. I understand it is a type of administrative control, but that is not one of the choices. Please explain the best answer:
GPT Answer: Based on the given choices, an Acceptable Use Policy (AUP) would be considered a managerial control. This is because it establishes guidelines and policies that guide the organization's operations, which aligns more with the concept of managerial control.
I am definitely going with Managerial, which was my first answer before consulting GPT. I've also studied for over a year in-depth.
D. Operational: Operational controls are procedures and policies that dictate how users should behave and how processes are carried out to ensure security. The AUP falls under this category as it defines acceptable and unacceptable behavior for users, making it an operational control.