nerdexam
CompTIA

SY0-301 · Question #381

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they ha

The correct answer is B. Job rotation. Job rotation involves periodically reassigning employees to different roles to reduce fraud risk and build cross-functional knowledge.

Security program management and oversight

Question

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented?

Options

  • AMandatory vacations
  • BJob rotation
  • CLeast privilege
  • DSeparation of duties

How the community answered

(41 responses)
  • A
    2% (1)
  • B
    90% (37)
  • C
    2% (1)
  • D
    5% (2)

Why each option

Job rotation involves periodically reassigning employees to different roles to reduce fraud risk and build cross-functional knowledge.

AMandatory vacations

Mandatory vacations require employees to take scheduled time off so that others can review their work for fraud, which is a different control from periodically reassigning role responsibilities.

BJob rotationCorrect

Job rotation is the practice of moving employees between roles on a scheduled basis, which reduces the risk of fraud or error by ensuring no single person has prolonged exclusive control over a sensitive function. The scenario describes developers switching roles annually across different departments, which matches this definition exactly. It also serves as a detective control because irregularities left by one employee may be discovered by the next.

CLeast privilege

Least privilege restricts a user's access rights to only what is required for their current job function, not a policy of switching roles between employees.

DSeparation of duties

Separation of duties divides a single critical task among multiple people so no one individual can complete a sensitive transaction alone, which is structurally different from rotating entire job roles.

Concept tested: Job rotation as a personnel security control

Source: https://csrc.nist.gov/glossary/term/job_rotation

Topics

#job rotation#personnel security#insider threat mitigation#access control

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice