CompTIA Security Plus Mock Test Q610

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

A. Routine log audits
B. Job rotation
C. Risk likelihood assessment
D. Separation of duties


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
When a new user account is created, an entry is added to the Event Logs. By routinely auditing the event logs, you would know that an account has been created.

Incorrect Answers:
B: Job rotation is a concept that has employees rotating through different jobs to learn the procedures and processes in each. From a security perspective, job rotation helps to prevent or expose dangerous shortcuts or even fraudulent activity. Knowledge is shared with multiple people, and no one person can retain explicit control of any process or data. Job rotation would not mitigate against an unauthorized new user account being created.
C: Assessing the likelihood of risk may determine the likelihood of an unauthorized new user account being created. However, it would not tell you that an unauthorized account had been created.
D: Separation of duties is the process of ensuring that functions of a role are carried out by multiple users. This is to prevent fraud and restricts the amount of power held by any one individual. Separation of duties would not mitigate against an unauthorized new user account being created.

References:
http://en.wikipedia.org/wiki/Job_rotation