401 SEC+ Exam Guaranteed Pass: Tailored for Top
Grades with Comprehensive Solutions & Correct
Answers for Every Question
The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes
to determine who may be responsible. Which of the following would be the BEST course of
action?
A. Create a single, shared user account for every system that is audited and logged based
upon time of use.
B. Implement a single sign-on application on equipment with sensitive data and high-
profile shares.
C. Enact a policy that employees must use their vacation time in a staggered schedule.
D. Separate employees into teams led by a person who acts as a single point of contact for
observation purposes.
Answer: C
Explanation:
A policy that states employees should use their vacation time in a staggered schedule is a
way of employing mandatory vacations. A mandatory vacation policy requires all users to
take time away from work while others step in and do the work of that employee on
vacation. This will afford the CSO the opportunity to see who is using the company assets
responsibly and who is abusing them.
A software developer is responsible for writing the code on an accounting application.
Another software developer is responsible for developing code on a system in human
resources. Once a year they have to switch roles for several weeks.
Which of the following practices is being implemented?
A. Mandatory vacations
B. Job rotation
C. Least privilege
D. Separation of duties
Answer: B
Explanation:
A job rotation policy defines intervals at which employees must rotate through positions.
Which of the following types of risk reducing policies also has the added indirect benefit of
cross training employees when implemented?
A. Least privilege
B. Job rotation
C. Mandatory vacations
D. Separation of duties
Answer: B
Explanation:
A job rotation policy defines intervals at which employees must rotate through positions.
Similar in purpose to mandatory vacations, it helps to ensure that the company does not
become too dependent on one person, and it affords the company the opportunity
to place another person in that same job.
In order to prevent and detect fraud, which of the following should be implemented?
A. Job rotation
B. Risk analysis
C. Incident management
D. Employee evaluations
Answer: A
Explanation:
A job rotation policy defines intervals at which employees must rotate through positions.
Similar in purpose to mandatory vacations, it helps to ensure that the company does not
become too dependent on one person, and it affords the company the opportunity
to place another person in that same job; in this way the company can potentially
uncover any fraud perhaps committed by the incumbent.
The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a
database administrator performing several other job functions within the company. Which
of the following is the BEST method to prevent such activities in the future?
A. Job rotation
B. Separation of duties
C. Mandatory Vacations
D. Least Privilege
Answer: B
Explanation:
Separation of duties means that users are granted only the permissions they need to do
their work and no more. Moreover, it means that you are employing best practices. The
segregation of duties and separation of environments is a way to reduce the likelihood of
misuse of systems or information. A separation of duties policy is designed to reduce the
risk of fraud and to prevent other losses in an organization.
Separation of duties is often implemented between developers and administrators in order
to separate which of the following?
A. More experienced employees from less experienced employees
B. Changes to program code and the ability to deploy to production
C. Upper level management users from standard development employees
D. The network access layer from the application access layer
Answer: B
Explanation:
Separation of duties means that there is differentiation between users, employees and
duties per se, which forms part of best practices.