CompTIA CySA+ (CS0-003) — Question 316
A security analyst finds an application that cannot enforce the organization’s password policy. An exception is granted. As a compensating control, all users must confirm that their passwords comply with the organization’s policy. Which of the following types of compensating controls is the organization using?
Answer options
- A. Corrective
- B. Managerial
- C. Technical
- D. Detective
Correct answer: B
Explanation
The organization is using a managerial control because it relies on policies and procedures that require users to confirm their compliance with the password policy. None of the other options applies in this scenario: corrective controls are aimed at fixing issues, technical controls involve technology to enforce policies, and detective controls are meant to identify violations after they occur.