CompTIA Security+ (SY0-501) — Question 450

To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed?

Answer options

• A. Least privilege
• B. Job rotation
• C. Background checks
• D. Separation of duties

Correct answer: D

Explanation

Separation of duties is essential in preventing any individual from having the complete control over payroll processes, thereby reducing the risk of fraud or errors. The other options, like least privilege and job rotation, may help in access control and exposure to different roles, but they do not specifically address the need for checks and balances in payroll management.