nerdexam
CompTIA

SY0-301 · Question #890

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the

The correct answer is B. Separation of duties. Separation of duties (SoD) is a control that divides critical tasks and privileges among multiple people so that no single individual has end-to-end control over a sensitive process. In this case, the DBA was able to commit fraud precisely because they held too many job functions

Security program management and oversight

Question

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future?

Options

  • AJob rotation
  • BSeparation of duties
  • CMandatory Vacations
  • DLeast Privilege

How the community answered

(55 responses)
  • A
    2% (1)
  • B
    87% (48)
  • C
    7% (4)
  • D
    4% (2)

Explanation

Separation of duties (SoD) is a control that divides critical tasks and privileges among multiple people so that no single individual has end-to-end control over a sensitive process. In this case, the DBA was able to commit fraud precisely because they held too many job functions simultaneously. SoD would ensure that, for example, the person who creates database records cannot also approve or audit them. Job rotation and mandatory vacations are detective controls that can expose fraud after the fact but do not structurally prevent it. Least privilege limits what a user can do but does not address the problem of one person controlling multiple conflicting roles.

Topics

#separation of duties#insider threat#fraud prevention#administrative controls

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice