CompTIA CySA+ (CS0-001) — Question 16
A system administrator who was using an account with elevated privileges deleted a large number of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Choose two.)
Answer options
- A. Succession planning
- B. Separation of duties
- C. Mandatory vacation
- D. Personnel training
- E. Job rotation
Correct answer: B, D
Explanation
Implementing separation of duties ensures that no single individual has control over all aspects of a critical process, reducing the risk of malicious actions or mistakes. Additionally, personnel training promotes awareness of the importance of log files and proper data management, which can help prevent similar incidents in the future. The other options do not directly address access control or awareness of log file management.