Which of the following is an example of a 'deterrent control'? a. Security awareness training b. Antivirus software c. Backups d. Incident response plan

The correct answer is **a. Security awareness training**. Deterrent controls are designed to discourage security violations before they occur. Security awareness training helps inform users about security policies and risks, thus acting as a deterrent to malicious or negligent behavior. The other options serve different purposes: - **b. Antivirus software** is a preventive control aimed at detecting and stopping malware. - **c. Backups** are a corrective control that helps recover data after a loss. - **d. Incident response plan** is also a corrective control focused on responding to and managing security incidents.