CompTIA Security Plus Mock Test Q226

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented?

A. Mandatory vacations
B. Job rotation
C. Least privilege
D. Separation of duties


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
A job rotation policy defines intervals at which employees must rotate through positions.

Incorrect Answers:
A: A mandatory vacation policy requires all users to take time away from work to refresh.
C: A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.
D: A separation of duties policy means the segregation of duties and separation of environments as a way to reduce the likelihood of misuse of systems or information. Separation of
duties means that users are granted only the permissions they need to do their work and no more. More so it means that there is differentiation between users, employees and duties per se which form part of best practices.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 24, 25, 26, 153
http://en.wikipedia.org/wiki/Job_rotation