CompTIA Security Plus Mock Test Q231

A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?

Account lockout policy
B. Account password enforcement
C. Password complexity enabled
D. Separation of duties

Correct Answer: D
Section: Compliance and Operational Security

Separation of duties means that users are granted only the permissions they need to do their work and no more. More so it means that there is differentiation between users, employees and duties per se which form part of best practices.

Incorrect Answers:
A: An account lockout policy only needs to be implemented when you need to deny a user access. The user in this case does not have to be locked out.
B: The account policy determines the security parameters regarding who can and cannot access the system. In this scenario the user must have access.
C: Password complexity only means to make it more difficult for a miscreant to break in and use someone else’s account.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 141, 153