PrepAway - Latest Free Exam Questions & Answers


When segregation of duties concerns exist between IT support staff and end users, what would be
a suitable compensating control?

A. Restricting physical access to computing equipment

B. Reviewing transaction and application logs

C. Performing background checks prior to hiring IT staff

D. Locking user sessions after a specified period of inactivity

Explanation:
Only reviewing transaction and application logs directly addresses the threat posed by poor
segregation of duties. The review is a means of detecting inappropriate behavior and also
discourages abuse, because people who may otherwise be tempted to exploit the situation are
aware of the likelihood of being caught. Inadequate segregation of duties is more likely to be
exploited via logical access to data and computing resources rather than physical access. Choice
C is a useful control to ensure IT staff are trustworthy and competent but does not directly address
the lack of an optimal segregation of duties. Choice D acts to prevent unauthorized users from
gaining system access, but the issue with a lack of segregation of duties is more the misuse
(deliberate or inadvertent) of access privileges that have officially been granted.

