Which of the following scenarios BEST describes a risk reduction technique?
A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.
Risk types: acceptance, avoidance, transference, mitigation
Control types: preventive, detective, corrective, deterrent, compensative, physical
According to the CompTIA guide, but the provided answer is correct B) because it is mitigating (reducing) the risk by implementing a policy.
B is a better risk reduction/mitigation technique compared to C, because training is a preventive control, while C is primarily a detective and subsequently corrective control.
Prevention is the best form of Control.
In this scenario, the company recognizes that a technical change alone cannot effectively address the security control objective. Instead, they opt to implement a policy to train users on a more secure method of operation. By providing proper training and education to users, the company aims to reduce the risk associated with the control objective that cannot be met through technical means. This approach focuses on enhancing user awareness, knowledge, and behavior to mitigate potential security risks and improve overall security posture.
"A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation."
Risk reduction techniques are designed to lower the probability or impact of identified risks. Option B describes a risk reduction technique through the implementation of a policy to train users on a more secure method of operation, thereby reducing the probability of security incidents caused by user error.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
SY0-601 Exam Questions