SY0-301 Question #232: Real Exam Question with Answer & Explanation
The correct answer is D: Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
Question
Options
- A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
- B. Collusion between two employees who perform the same business function.
- C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team.
- D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
Explanation
Mandatory vacation policies force another employee to cover the duties of an absent worker, which exposes gross negligence or misconduct that may otherwise remain hidden when a single administrator operates without oversight.
Common mistakes.
- A. Help desk roles already have multiple supervisors and quality control systems in place, so a vacation policy adds little additional detection capability.
- B. Mandatory vacation would expose one employee's actions at a time but would not reveal collusion between two employees who coordinate their cover stories.
- C. Engineering incompetence in a team setting is typically visible through normal peer review and project outcomes, not through forced absences.
Concept tested. Mandatory vacation as an administrative security control
Reference. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final