CompTIA Security Plus Mock Test Q224

A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?

A. Implement privacy policies
B. Enforce mandatory vacations
C. Implement a security policy
D. Enforce time of day restrictions


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. And in the same time it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfy the need to have replication or duplication at all levels in addition to affording the company an opportunity to discover fraud for when others do the same job in the absence of the regular staff member then there is transparency.

Incorrect Answers:
A: Privacy policies are used to define which controls are needed to implement and maintain sanctity/safety of data privacy.
C: Security policies are used to define which controls are needed to implement and maintain the security of the company resources such as systems, users and networks.
D: Time of day restrictions are used to configure when an account can have access to the system, this does not prevent anyone from laundering money.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 24 -25, 153