CompTIA Exam Questions

Which of the following could prevent this scenario from occurring?

Ann has recently transferred from the payroll department to engineering. While browsing file shares, Ann
notices she can access the payroll status and pay rates of her new coworkers. Which of the following
could prevent this scenario from occurring?

A. Credential management

B. Continuous monitoring

C. Separation of duties

D. User access reviews

Explanation:
In addition to assigning user access properly, it is important to review that access periodically. Access
review is a process to determine whether a user’s access level is still appropriate. People’s roles within an
organization can change over time. It is important to review user accounts periodically and determine if
they still require the access they currently have. An example of such a scenario would be a network
administrator who was responsible for the domain controller but then moved over to administer the
remote access servers. The administrator’s access to the domain controller should now be terminated.
This concept of access review is closely related to the principle of least privilege. It is important that users
do not have “leftover” privileges from previous job roles.

Incorrect Answers:
A: Credential management is the management or storage of usernames and passwords. Credential
management would not prevent Ann from accessing the payroll files. Therefore, this answer is incorrect.
B: Continuous monitoring implies an ongoing audit of what resources a user actually accesses. Continuous
monitoring would enable you to see that Ann can access the payroll files. It does not, however, prevent
that access. Therefore, this answer is incorrect.
C: Separation of duties policies are designed to reduce the risk of fraud and to prevent other losses in an
organization by requiring more than one person to accomplish key processes. Separation of duties would
not prevent Ann from accessing the payroll files. Therefore, this answer is incorrect.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 154