Systems Security Certified Practitioner (SSCP) — Question 16

Which of the following is NOT a form of detective administrative control?

Answer options

• A. Rotation of duties
• B. Required vacations
• C. Separation of duties
• D. Security reviews and audits

Correct answer: C

Explanation

The correct answer is C, Separation of duties, which is a preventive control designed to reduce the risk of fraud and error by dividing responsibilities among different individuals. The other options, such as rotation of duties, required vacations, and security reviews and audits, are all forms of detective controls aimed at identifying issues after they occur.