CompTIA Security Plus Mock Test Q228

In order to prevent and detect fraud, which of the following should be implemented?

A. Job rotation
B. Risk analysis
C. Incident management
D. Employee evaluations

Correct Answer: A
Section: Compliance and Operational Security

A job rotation policy defines intervals at which employees must rotate through positions. Similar in purpose to mandatory vacations, it helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job and in this way the company can potentially uncover any fraud perhaps committed by the incumbent.

Incorrect Answers:
B: Risk assessment is also known as risk analysis or risk calculation and it deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or a loss
of information itself.
C: Incident management refers to the steps that are followed when events occur.
D: The Evaluation process is called an audit.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 4, 10, 26