
CAS-003 · Question #846

CAS-003 Question #846: Real Exam Question with Answer & Explanation

The correct answer is A: Offboarding.

Question

Which of the following controls primarily detects abuse of privilege but does not prevent it?

Options

  • A. Offboarding
  • B. Separation of duties
  • C. Least privilege
  • D. Job rotation

Explanation

Offboarding is primarily a detective control because it identifies what access an employee held and what actions they performed after the fact, but it cannot prevent abuse that occurred during employment.

Common mistakes.

  • B. Separation of duties is a preventive control that structures roles so no single individual can complete a sensitive transaction alone, actively blocking the opportunity for abuse before it occurs.
  • C. Least privilege is a preventive control that limits what a user can do by restricting their access rights, stopping abuse of privileges that were never granted.
  • D. Job rotation can surface irregularities when a new person takes over a role and reviews prior work, but it primarily serves as a deterrent and its detection function differs from the post-employment account review that characterizes offboarding.

Concept tested. Detective vs preventive access control classification

Reference. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
