CompTIA Security Plus Mock Test Q223

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations


Correct Answer: D
Section: Compliance and Operational Security

Explanation:
When one person fills in for another, such as for mandatory vacations, it provides an opportunity to see what the person is doing and potentially uncover any fraud.

Incorrect Answers:
A: Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. A privacy policy is a legal document that outlines how collected data is secured. It should cover the information the company collects, the privacy choices you have based on your account, potential sharing of your data with other parties, the security measures in place, and enforcement.
B: A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.
C: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 25