Job Rotation and Separation of Duties test - Personnel Security - CISSP questions

Question 1

In a large corporation, which of the following practices best combines the principles of job rotation and separation of duties?

Assigning employees to different projects every quarter while maintaining their core responsibilities Implementing a system where two employees must approve all financial transactions over a certain threshold Requiring employees to take mandatory vacations and having their work reviewed by colleagues during their absence Rotating employees between departments while ensuring no single person has control over an entire process

Correct Answer: Rotating employees between departments while ensuring no single person has control over an entire process

The best answer combines the principles of job rotation and separation of duties by rotating employees between departments while ensuring no single person has control over an entire process. This practice achieves two important security objectives:

1. Job Rotation: By moving employees between different departments, it exposes them to various aspects of the organization's operations. This helps in cross-training, reduces the risk of fraud, and allows for fresh perspectives on processes.

2. Separation of Duties: Ensuring that no single person has control over an entire process is a key principle of separation of duties. This prevents any individual from having too much power or the ability to commit fraud undetected.

The other options do not fully address both principles:

Assigning employees to different projects quarterly while maintaining core responsibilities doesn't adequately address separation of duties, as employees may still have control over entire processes.

Implementing a two-person approval system for financial transactions only addresses separation of duties for specific actions and doesn't involve job rotation.

Requiring mandatory vacations and work review during absence is a good practice but primarily focuses on detecting fraud rather than preventing it through ongoing separation of duties and job rotation.

Question 2

Enterprise X is redesigning their organizational structure to enforce better separation of duties. Which scenario below best exemplifies this concept?

The manager is responsible for approving and conducting code review for their department. An employee can only execute financial transactions after being approved by their manager. All employees use the same code to access the organization's intranet. The sales department is also responsible for approving their own expense claims.

Correct Answer: An employee can only execute financial transactions after being approved by their manager.

The correct answer ensures approvals for financial transactions are separate from those who execute them, enforcing separation of duties. Other scenarios lack separation and provide opportunities for misuse, fraud, or conflicts of interest.

Question 3

A company wants to implement a job rotation policy to reduce internal fraud risks. As a security expert, which scenario would you recommend to the management?

Rotate an employee working in the accounts payable department to the procurement team. Rotate an employee from the HR department to the IT department. Rotate an employee from the manufacturing department to the warehouse. Rotate an employee from the sales team to a customer support role.

Correct Answer: Rotate an employee working in the accounts payable department to the procurement team.

The correct answer is accounts payable to procurement as these are related departments where fraud can occur and the knowledge of both can help detect suspicious activities. Other rotations are unrelated to the goal of fraud prevention and can be considered less effective.

Job Rotation and Separation of Duties

Guide to Job Rotation and Separation of Duties

CISSP - Job Rotation and Separation of Duties Example Questions

Question 1

Question 2

Question 3

🎓 Unlock Premium Access