CompTIA Security Plus Mock Test Q468

Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO).

A. Separation of duties
B. Job rotation
C. Mandatory vacation
D. Time of day restrictions
E. Least privilege

Correct Answer: A,E
Section: Compliance and Operational Security

Explanation:
Separation of duties means that users are granted only the permissions they need to do their work and no more. It also means that you are employing best practices. The segregation of duties and separation of environments is a way to reduce the likelihood of misuse of systems or information. A separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an organization. A least privilege policy should be used when assigning permissions: give users only the permissions that they need to do their work and no more.

Incorrect Answers:
B: A job rotation policy defines intervals at which employees must rotate through positions.
C: A mandatory vacation policy requires all users to take time away from work to refresh. Mandatory vacation gives the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills, and it satisfies the need to have replication or duplication at all levels. Mandatory vacations also provide an opportunity to discover fraud. In this case, mandatory vacations can prevent the two members from colluding to steal the information that they have access to.
D: Time of day restrictions are used to configure when an account can have access to the system.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 25
http://en.wikipedia.org/wiki/Separation_of_duties
http://en.wikipedia.org/wiki/Job_rotation