CompTIA Security Plus Mock Test Q221

While rarely enforced, mandatory vacation policies are effective at uncovering:

A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
B. Collusion between two employees who perform the same business function.
C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team.
D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.


Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Least privilege (privilege reviews) and job rotation is done when mandatory vacations are implemented. Then it will uncover areas where the system administrators neglected to check all users’ privileges since the other users must fill in their positions when they are on their mandatory vacation.

Incorrect Answers:
A: Help desk technicians are not the main concern for having mandatory vacations.
B: Collusion implies two unlikely users fulfilling very different functions committing fraud, not two users performing the same business function.
C: Incompetency of the systems engineer regarding the architecture is not the focus of companies implementing mandatory vacations.

References:
D Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 25