CompTIA Security Plus Mock Test Q268

After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).

A. Mandatory access control enforcement.
B. User rights and permission reviews.
C. Technical controls over account management.
D. Account termination procedures.
E. Management controls over account management.
F. Incident management and response plan.

Correct Answer: B,E
Section: Compliance and Operational Security

Reviewing user rights and permissions determines whether all groups, users, and other accounts hold the privileges appropriate to corporate policy and to their current job descriptions, which matters here because the employees were moved to different roles. Management controls over account management would have accounted for the employees' changed roles and adjusted the rights and permissions of those roles accordingly.

Incorrect Answers:
A: Mandatory access control enforcement only means that all access is pre-defined by the system; it does not by itself take into account the different roles now occupied by different employees.
C: Technical controls include things such as firewalls, IDS, and IPS, and as such are preventive, detective, or even compensating controls, not administrative controls.
D: Account termination procedures are carried out when employees leave the company, not when they are moved within the company.
F: Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets), and the incident response plan outlines what steps are needed and who is responsible for deciding how to handle a situation. In this case an audit was conducted, not an incident response.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 26-27