SY0-301 · Question #381
A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they ha
The correct answer is B. Job rotation. Job rotation involves periodically reassigning employees to different roles to reduce fraud risk and build cross-functional knowledge.
Question
A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented?
Options
- AMandatory vacations
- BJob rotation
- CLeast privilege
- DSeparation of duties
How the community answered
(41 responses)- A2% (1)
- B90% (37)
- C2% (1)
- D5% (2)
Why each option
Job rotation involves periodically reassigning employees to different roles to reduce fraud risk and build cross-functional knowledge.
Mandatory vacations require employees to take scheduled time off so that others can review their work for fraud, which is a different control from periodically reassigning role responsibilities.
Job rotation is the practice of moving employees between roles on a scheduled basis, which reduces the risk of fraud or error by ensuring no single person has prolonged exclusive control over a sensitive function. The scenario describes developers switching roles annually across different departments, which matches this definition exactly. It also serves as a detective control because irregularities left by one employee may be discovered by the next.
Least privilege restricts a user's access rights to only what is required for their current job function, not a policy of switching roles between employees.
Separation of duties divides a single critical task among multiple people so no one individual can complete a sensitive transaction alone, which is structurally different from rotating entire job roles.
Concept tested: Job rotation as a personnel security control
Source: https://csrc.nist.gov/glossary/term/job_rotation
Topics
Community Discussion
No community discussion yet for this question.