CompTIA Security Plus Mock Test Q218

Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?

A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations


Correct Answer: D
Section: Compliance and Operational Security

Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. But not only does mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels as well as an opportunity to discover fraud.

Incorrect Answers:
A: Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. Privacy policy is a legal document that outlines
how data collected is secured
B: Least privilege is usually employed to assign users only the required permissions to do only their duties and no more.
C: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 25