CompTIA CASP+ (CAS-003) — Question 152

A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months.
Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)

Answer options

• A. Mandatory vacation
• B. Separation of duties
• C. Continuous monitoring
• D. Incident response
• E. Time-of-day restrictions
• F. Job rotation

Correct answer: B, F

Explanation

The correct answers are B and F. Separation of duties would ensure that no single individual has full control over critical processes, making collusion more difficult. Job rotation would frequently change responsibilities among staff, which could help uncover any collusion by requiring different personnel to review each other's work. The other options, while useful, do not directly address the issue of collusion as effectively as these two policies.