Exam PT0-002 topic 1 question 183 discussion

Actual exam question from CompTIA's PT0-002
Question #: 183
Topic #: 1

A penetration tester discovers during a recent test that an employee in the accounting department had been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to discourage this type of activity in the future?

  • A. Enforce mandatory employee vacations.
  • B. Implement multifactor authentication.
  • C. Install video surveillance equipment in the office.
  • D. Encrypt passwords for bank account information.
Suggested Answer: A

Comments

kapen
Highly Voted 2 years, 3 months ago
Selected Answer: A
Common question in the CompTIA CySA+ course. Job rotation stops this kind of issue in the workplace.
upvoted 8 times
mad755
2 years, 1 month ago
Agreed. Seen before, and employee vacations is usually the answer. People don't want to get caught slipping by their peers.
upvoted 3 times
BOYA2022
Highly Voted 2 years, 4 months ago
Selected Answer: A
If the employee already works in the accounting department, MFA will not stop their actions because they'll already have access by virtue of their job.
upvoted 5 times
Debbi12
2 years, 2 months ago
Mandatory employee vacations wouldn't still discourage such activity. What about after the employee comes back from vacation? I think it's C. Two-person authentication is a type of MFA that requires two individuals to be involved in the authentication process. For example, one person may enter a password, while another person provides a secondary form of verification, such as a biometric or a code sent to a phone.
upvoted 1 times
Paula77
10 months, 1 week ago
You are confusing MFA with Four Eyes Principle, which are two different things.
upvoted 1 times
[Removed]
2 years, 2 months ago
A is answer
upvoted 2 times
3d8c4e3
Most Recent 9 months, 1 week ago
Why on earth would this not be C?
upvoted 1 times
Etc_Shadow28000
10 months, 1 week ago
Selected Answer: A
A. Enforce mandatory employee vacations: Enforcing mandatory employee vacations is a well-known fraud prevention strategy. It ensures that employees must take time away from their duties, which can disrupt and potentially expose ongoing fraudulent activities. When an employee is away, their work is often handled by another person, who might notice discrepancies or irregularities that could indicate fraud.
upvoted 1 times
Etc_Shadow28000
10 months, 1 week ago
B. Implement multifactor authentication: While multifactor authentication (MFA) enhances security by adding additional layers of verification, it primarily protects against unauthorized access. It does not directly address internal fraud or the issue of employees with legitimate access abusing their privileges.
C. Install video surveillance equipment in the office: Video surveillance can be useful for monitoring physical security and deterring some types of misconduct. However, it is less effective at preventing and detecting complex fraudulent activities that occur through electronic systems.
D. Encrypt passwords for bank account information: Encrypting passwords is a good security practice for protecting sensitive information, but it does not address the issue of an employee abusing legitimate access to systems to commit fraud. Encryption protects data in storage and transit but does not prevent misuse by authorized users.
upvoted 2 times
Paula77
10 months, 1 week ago
Selected Answer: A
No doubt A is the right answer
upvoted 1 times
deeden
1 year, 1 month ago
Selected Answer: B
I think B is more relevant here, just like our current payment system where you get an OTP to transfer funds. Mandatory vacation does not really discourage this behavior unless a dedicated auditor who knows what he/she is looking for will check every money transfer made, which would appear as legal transactions and that could be millions.
upvoted 1 times
[Removed]
1 year, 5 months ago
Selected Answer: A
Pretty sure this was on Sec+. I vaguely remember Professor Messer mentioning something about this when covering insider threats. Regardless, this happened at a bank near me. Controller in accounts receivable department embezzled over $100K over 10 years. Never took PTO. The CFO finally forced her to take vacation and during that time, they discovered she had been stealing.
upvoted 2 times
solutionz
1 year, 9 months ago
Selected Answer: A
Among these options, enforcing mandatory employee vacations (Option A) would be the best recommendation, as it could help uncover fraudulent activities that require continuous action by the employee. It may force the fraudulent employee to delegate his tasks, and inconsistencies might be detected during his absence. However, this measure should be part of a broader strategy to monitor for and prevent insider threats, including implementing robust access controls, segregation of duties, continuous monitoring, and regular audits.
upvoted 2 times
AaronS1990
2 years, 1 month ago
Selected Answer: A
Another appalling answer. This is definitely A
upvoted 2 times
nickwen007
2 years, 2 months ago
B. Implement multifactor authentication would be the best recommendation to discourage this type of activity in the future. Multi-factor authentication requires a user to verify their identity through more than just a username and password, such as a one-time code sent to their email or mobile phone. This makes it much harder for unauthorized users to gain access to accounts, thus preventing this type of malicious activity in the future.
upvoted 2 times
[Removed]
2 years, 2 months ago
A is correct
upvoted 2 times
nickwen007
2 years, 1 month ago
Enforcing mandatory employee vacations would not necessarily discourage this type of activity in the future, as it would not prevent an individual from having access to financial information when they are in the office. Implementing multifactor authentication, on the other hand, would make it much more difficult for an individual to gain unauthorized access to the financial information, and is therefore the best recommendation in this situation.
upvoted 1 times
[Removed]
2 years, 1 month ago
https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.examtopics.com/discussions/comptia/view/66648-exam-pt1-002-topic-1-question-47-discussion/&ved=2ahUKEwiey7Ld9dP9AhWQxQIHHcjTCwQQFnoECAgQAQ&usg=AOvVaw15MWiv1jaZi4PXI7fqrqwK A 100% correct answer
upvoted 2 times
kloug
2 years, 2 months ago
aaaaaaaaaaa
upvoted 3 times
masso435
2 years, 5 months ago
Selected Answer: A
It's A.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other