CompTIA Security Plus Mock Test Q229

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future?

A. Job rotation
B. Separation of duties
C. Mandatory Vacations
D. Least Privilege


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
Separation of duties means that users are granted only the permissions they need to do their work and no more. More so it means that you are employing best practices. The segregation of duties and separation of environments is a way to reduce the likelihood of misuse of systems or information. A separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an organization.

Incorrect Answers:
A: A job rotation policy defines intervals at which employees must rotate through positions. This is so that the company does not become too dependent on one person.
C: A mandatory vacation policy requires all users to take time away from work to refresh. If the company becomes too dependent on one person, they can end up in a real bind if
something should happen to that person.
D: Least Privilege means giving users only the permissions that they need to do their work and no more.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014,pp 24, 25, 26, 153
http://en.wikipedia.org/wiki/Separation_of_duties