PrepAway - Latest Free Exam Questions & Answers

Which of the following security controls might force an…

Which of the following security controls might force an operator into collusion with personnel assigned
organizationally within a different function in order to gain access to unauthorized data?

PrepAway - Latest Free Exam Questions & Answers

A.
Limiting the local access of operations personnel

B.
Job rotation of operations personnel

C.
Management monitoring of audit logs

D.
Enforcing regular password changes

Explanation:
Limiting the local access of operations personnel means that the operator will not be able to access the
unauthorized data. Therefore, to gain access to the data, the operator would need to collude with someone who
does have access to the data.
Incorrect Answers:
B: Job rotation (rotation of duties) is defined as the process of limiting the amount of time an operator is
assigned to perform a security related task before being moved to a different task with a different security
classification. This control lessens the opportunity for collusion between operators for fraudulent purposes.
However, the job the operator is currently performing does not necessarily mean that the operator cannot
access the unauthorized data. This can only be assured by limiting the local access of operations personnel.
C: Management monitoring of audit logs is a detective control. It would not affect what data an operator has
access to so it would have no effect on whether collusion would be required in order to gain access to
unauthorized data.
D: Enforcing regular password changes does not affect what data an operator has access to so it would have
no effect on whether collusion would be required in order to gain access to unauthorized data.


Leave a Reply