The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator’s advantage.
Which of the following would allow a third-party consultant to conduct an on-site review of the administrator’s activity?
A. Separation of duties
B. Job rotation
C. Continuous monitoring
D. Mandatory vacation
Hi,
Did you pass the exam?
D
Agreed
D
D. Mandatory vacation
From CASP’s official prep book:
“Mandatory vacation
A method of preventing fraud which provides you with an opportunity to review employees’ activities. The typical mandatory vacation policy requires that employees take at least one vacation a year in a full-week increment so that they are away from work for at least five days in a row. During that time, your corporate audit and security teams have time to investigate and discover any discrepancies in employee activity. When employees understand the security focus of the mandatory vacation policy, the risk of fraudulent activities decreases.”