Exam SY0-701 topic 1 question 313 discussion

Direct from Dion Training's Udemy course: Managerial Controls - Aka administrative controls. Involve the strategic planning and governance side of security. Ensures that the org’s security strategies align with its business goals and its risk tolerance. Risk assessments Security policies Training programs Incident response strategies Operational Controls - Procedures and measures designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions. Backup procedures Account reviews User awareness training programs AUP = Acceptable Use Policy. Security policies = Managerial Controls.

An AUP (Acceptable Use Policy) is an example of a Managerial control. Explanation: An AUP outlines the guidelines and expectations for how users should interact with an organization's systems, which falls under the category of management controls as it defines policies and procedures rather than physical security measures or technical implementations.

An Acceptable Use Policy (AUP) outlines rules and guidelines for acceptable behavior and proper usage of an organization's resources, such as computers, networks, and internet services. It is considered an operational control because it defines day-to-day practices, procedures, and standards that help manage and secure the organization's operations.

Both Claude and GPT suggest >>> Managerial

From the CompTIA SYO-701 Study Guide - "Managerial controls are administrative in function and documented in security policies. Operational controls are implemented by people who perform the day-to-day operations to comply with an organization's overall security plan."

An Acceptable Use Policy (AUP) is a document or agreement that defines acceptable and unacceptable behaviors when using an organization's resources, such as computers, networks, and data. It is a managerial control because it involves creating policies, guidelines, and standards to manage and govern the behavior of users within an organization. It does not implement any technical enforcement but instead provides the framework and rules.

Its and operational control according to Comptia.

An AUP (Acceptable Use Policy) is an example of a Managerial control. Explanation: An AUP outlines the guidelines and expectations for how users should interact with an organization's systems, which falls under the category of management controls as it defines policies and procedures rather than physical security measures or technical implementations.

In fact, Comptia asks the same practical question and uses AUP as the example of operational controls.

D. Operational. Comptia gives this same practice question and uses AUP as an specific example of operational controls.

Managerial controls are tend to be directive such as policies, hence I am gowing with B. Remember that operational controls are driven by people like security guards, more physical in nature.

Many of you are quoting GPT responses. However, you have to offer the correct prompt. As follows: Operational control or managerial control? The choices are managerial or operational. I understand it is a type of administrative control, but that is not one of the choices. Please explain the best answer: GPT Answer: Based on the given choices, an Acceptable Use Policy (AUP) would be considered a managerial control. This is because it establishes guidelines and policies that guide the organization's operations, which aligns more with the concept of managerial control. I am definitely going with Managerial, which was my first answer before consulting GPT. I've also studied for over a year in-depth.

D. Operational: Operational controls are procedures and policies that dictate how users should behave and how processes are carried out to ensure security. The AUP falls under this category as it defines acceptable and unacceptable behavior for users, making it an operational control.

B. Managerial control.

GPTTTTTTTTTTTTTTTT

Chat GPT: The correct answer is D. Operational. An Acceptable Use Policy (AUP) is an example of an operational control. It defines the appropriate use of resources, such as networks, systems, and data, by users within an organization. AUPs are administrative in nature and help to manage behavior and actions within an organization's environment, making them part of operational controls. A. Physical controls are designed to protect the physical infrastructure, like locks, badges, or surveillance cameras. B. Managerial controls focus on the oversight and management of security policies, such as risk assessments and audits. C. Technical controls (also known as logical controls) include things like firewalls, encryption, and access control systems, which rely on technology to enforce security.

B. Managerial An AUP is a set of guidelines or rules established by management to dictate acceptable and unacceptable use of organizational resources, such as computers and networks. It is a managerial control designed to ensure that users adhere to security policies and practices.