Mandatory vacations are a security control which can be used to uncover which of the following?
A. Fraud committed by a system administrator B. Poor password security among users C. The need for additional security staff D. Software vulnerabilities in vendor code
Answer: A
Explanation: Mandatory vacations also provide an opportunity to discover fraud apart from the obvious benefits of giving employees a chance to refresh and making sure that others in the company can fill those positions and make the company less dependent on those persons; a sort pf replication and duplication at all levels.
Use of group accounts should be minimized to ensure which of the following?
A. Password security B. Regular auditing C. Baseline management D. Individual accountability
Answer: D
Explanation: Holding users accountable for their actions is part of security, and can only be achieved by users having their own user accounts. To adequately provide accountability, the use of shared or group accounts should be discouraged.