A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months.
Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)
A. Mandatory vacation
B. Separation of duties
C. Continuous monitoring
D. Incident response
E. Time-of-day restrictions
F. Job rotation
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Maybe: C. Continuous monitoring?
Without continuous monitoring, job rotation and/or mandatory vacations are pointless. The question asks what would “uncovered the collusion sooner.” If you don’t monitor what’s going on, you are not going to uncover anything.
The idea is to separate the two admins, and then see what happens. Any of the following would separate the admins:
A. Mandatory vacation
B. Separation of duties
F. Job rotation
Those answers are all equally good. In fact, the following could also be included in that list.
E. Time-of-day restrictions
Just another unfair question.
I think BF is right. I found this snippet about Separation of duties.
“SoD, as it relates to security, has two primary objectives. The first is the prevention of conflict of interest (real or apparent), wrongful acts, fraud, abuse and errors.”
AF
Agreed.
Separation of duties would not have *uncovered* the collusion sooner.
Agreed. They are already colluding, which means even separation-of-duties would’ve failed. Who is to say that this organization did not already implement separation of duties and these two guys colluded anyways. I think A+F is the correct answer because if mandatory vacation was enforced then sooner or later one of these sysadmins would’ve left for a week or so and whomever came into his/her position would realizes what was going on.