Answer: An employee training program that explains the policies and procedures for reviewing new account applications

## Explanation **Directive controls** are designed to ensure that specific actions are taken. They establish policies, procedures, and guidelines that direct behavior and ensure compliance with organizational standards. Let's analyze each option: - **Option A**: An employee training program that explains policies and procedures for reviewing new account applications - This is a **directive control** because it provides guidance and instructions to employees on how to perform their duties correctly. - **Option B**: A notification to a credit card customer about a potentially fraudulent transaction - This is a **detective control** because it identifies and alerts about potential issues after they have occurred. - **Option C**: An implementation of an antivirus software update - This is a **preventive control** because it aims to prevent security incidents from occurring in the first place. - **Option D**: A dual-factor authentication protocol - This is a **preventive control** because it prevents unauthorized access to critical systems. **Key distinctions:** - **Preventive controls**: Stop unwanted events from occurring - **Detective controls**: Identify and alert about events that have occurred - **Corrective controls**: Fix problems after they are detected - **Directive controls**: Guide and direct behavior through policies, procedures, and training The employee training program (Option A) clearly fits the definition of a directive control as it provides specific guidance on how to perform account review procedures.

Author: LeetQuiz .