On-site Review of Administrator's Activity | Exam CAS-003 CompTIA CASP+

Conducting On-site Review of Database Administrator's Activity

Question

The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator's advantage.

Which of the following would allow a third-party consultant to conduct an on-site review of the administrator's activity?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

D.

The correct answer to this question is D. Mandatory vacation.

Mandatory vacation, also known as enforced vacation or forced leave, is a security control that requires employees to take a specified period of time off work. The purpose of this control is to detect any irregularities or potential fraud that an employee may be committing in their absence. This is achieved by having another employee or team take over the absent employee's duties, providing an opportunity to review their work and detect any anomalies or discrepancies.

In this scenario, the CISO suspects that the database administrator has been tampering with financial data. To conduct an on-site review of the administrator's activity, a third-party consultant could be brought in to take over the administrator's duties during a mandatory vacation period. During this time, the consultant would have the opportunity to review the administrator's work and detect any irregularities or potential fraud.

Option A, Separation of duties, is a control that involves dividing responsibilities between multiple individuals to reduce the risk of fraud or errors. While separation of duties can be effective in preventing fraud, it does not provide an opportunity to detect it after it has occurred.

Option B, Job rotation, involves moving employees between different roles within an organization to prevent them from becoming too comfortable or entrenched in a single position. While job rotation can be effective in reducing the risk of fraud or errors, it does not provide an opportunity to detect fraud after it has occurred.

Option C, Continuous monitoring, involves using automated tools and processes to monitor system activity and detect potential security incidents in real-time. While continuous monitoring can be effective in detecting security incidents, it does not provide an opportunity to review an individual's work in detail.

Therefore, the most appropriate option to allow a third-party consultant to conduct an on-site review of the administrator's activity is D. Mandatory vacation.