CompTIA Security Plus Mock Test Q227

Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?

A. Least privilege
B. Job rotation
C. Mandatory vacations
D. Separation of duties

Correct Answer: B
Section: Compliance and Operational Security

A job rotation policy defines intervals at which employees must rotate through positions. Similar in purpose to mandatory vacations, it helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job.

Incorrect Answers:
A: A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more. This does not involve crosstraining.
C: A mandatory vacation policy requires all users to take time away from work to refresh.
D: Separation of duties means that users are granted only the permissions they need to do their work and no more. More so it means that there is differentiation between users,
employees and duties per se which form part of best practices. There is thus no cross training.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 24, 25, 26, 153