CompTIA Security Plus Mock Test Q232

Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?

A. Separation of Duties
B. Mandatory Vacations
C. Discretionary Access Control
D. Job Rotation


Correct Answer: A
Section: Compliance and Operational Security

Explanation:
Separation of duties means that users are granted only the permissions they need to do their work and no more.

Incorrect Answers:
B: A mandatory vacation policy requires all users to take time away from work to refresh.
C: Discretionary Access Control allows flexibility in access control within the company, which is to be avoided in this scenario.
D: Rotating jobs would mean that all the employees would, at any one time, still have authority to sign checks.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 25, 151, 153