CompTIA Security Plus Mock Test Q220

Mandatory vacations are a security control which can be used to uncover which of the following?

A. Fraud committed by a system administrator
B. Poor password security among users
C. The need for additional security staff
D. Software vulnerabilities in vendor code

Correct Answer: A
Section: Compliance and Operational Security

Mandatory vacations also provide an opportunity to discover fraud apart from the obvious benefits of giving employees a chance to refresh and making sure that others in the company can fill those positions and make the company less dependent on those persons; a sort pf replication and duplication at all levels.

Incorrect Answers:
B: Poor password security is not the purpose of implementing mandatory vacations.
C: Mandatory vacations will have the opposite effect to needing additional security staff.
D: Software vulnerability can only be uncovered by looking at the software installed and its version and not by means by mandatory vacations.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 25