Q4.

Which of the following security control types does an acceptable use policy best represent?

An Acceptable Use Policy (AUP) is a set of rules that defines the constraints and practices a user must agree to for access to a corporate network or the internet. Its primary purpose is to inform employees about what constitutes proper and improper use of company assets, thereby preventing security incidents, misuse, and legal liabilities before they occur. By establishing clear guidelines and expectations for behavior, the AUP functions as an administrative control designed to prevent violations.