CompTIA Security+ (SY0-501) — Question 697

Which of the following is a reason why an organization would define an AUP?

Answer options

• A. To define the lowest level of privileges needed for access and use of the organization's resources
• B. To define the set of rules and behaviors for users of the organization's IT systems
• C. To define the intended partnership between two organizations
• D. To define the availability and reliability characteristics between an IT provider and consumer

Correct answer: B

Explanation

The correct answer is B, as an Acceptable Use Policy outlines the standards and conduct expected from users when interacting with the organization's IT systems. Options A, C, and D, while related to IT governance, do not accurately describe the primary purpose of an AUP, which focuses specifically on user behavior and rules.