PrepAway - Latest Free Exam Questions & Answers

Which of the following controls can she implement to ad…

Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes
paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern?

A. Mandatory vacations

B. Time of day restrictions

C. Least privilege

D. Separation of duties

Explanation:
Separation of duties divides administrator or privileged tasks into separate groupings, which in turn are individually assigned to unique administrators. This helps with
fraud prevention, error reduction, and conflict of interest prevention. For example, those who configure security should not be the same people who test
security. In this case, Joe should not be allowed to write and sign paycheques.
Incorrect Answers:
A: Mandatory vacations require each employee to be on vacation for a minimal amount of time each year. During this time a different employee sits at their desk
and performs their work tasks. This will not solve the problem; it will determine whether the user is committing fraud, being abusive, or is incompetent.
B: Time of day restrictions limit when a specific user account can log on to the network according to the time of day. This will not help solve the problem.
C: Least privilege states that users should only be granted the minimum necessary access, permissions, and privileges that are required for them to accomplish
their work tasks. This is used for normal employees, whereas separation of duties is for administrators.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 81, 82, 280.
