Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

A.
Develop a set of standards

B.
Separation of duties

C.
Develop a privacy policy

D.
User training

Explanation:
User training is an important aspect of maintaining safety and security. It helps improve users’ security awareness in terms of prevention, enforcement, and threats.
It is of critical importance when element of the company policy cannot be enforced by technical means.
Incorrect Answers:
A: Standards are derived from policies and should provide the detail required to audit a system and ensure that the standard is being met. It does no help enforce a
policy.
B: Separation of duties is the division of administrative tasks and their assignment to different administrators. This ensures that no one user has complete access
or power over an entire network, server, or system. The separation of duties can be enforced by technical means.
C: Privacy policy describes the controls required to maintain data privacy within a system. This is an example of a policy, it does not help enforce a policy.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 21, 24, 153, 399-402

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 82,