CompTIA Security+ Question B-55

The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?

A. Create a single, shared user account for every system that is audited and logged based upon time of use.
B. Implement a single sign-on application on equipment with sensitive data and high-profile shares.
C. Enact a policy that employees must use their vacation time in a staggered schedule.
D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.

Answer: C

A policy that states employees should use their vacation time in a staggered schedule is a way of employing mandatory vacations. A mandatory vacation policy requires all users to take time away from work while others step in and do the work of that employee on vacation. This will afford the CSO the opportunity to see who is using the company assets responsibly and who is abusing it.