CompTIA CASP+ Practice Test

Which internal control should be established to prevent unauthorized access during a financial system upgrade?

• A. NDA
• B. Separation of duties
• C. Incident response plan
• D. Access monitoring

The correct answer is: Separation of duties

Establishing a separation of duties as an internal control is vital during a financial system upgrade because it ensures that no single individual has full control over the entire process. By dividing responsibilities among different individuals or departments, the organization can reduce the risk of fraud and unauthorized access. For instance, separate personnel can be responsible for implementing changes, testing those changes, and reviewing the overall process. This layered approach creates checks and balances, making it more difficult for any one person to exploit the system for malicious purposes. In the context of a financial system upgrade, where sensitive data and high-stakes transactions are involved, maintaining this separation not only helps in safeguarding critical information but also serves as a deterrent against potential threats. If someone had malintent, it would be far more challenging to execute their plan without collusion from others, thus enhancing the overall security of the financial system. In contrast, while non-disclosure agreements (NDAs) can protect sensitive information, they do not actively prevent unauthorized access. An incident response plan is crucial for addressing security breaches when they occur but does not prevent access during an upgrade. Access monitoring provides valuable insights into who is accessing what, but it is a reactive measure rather than a proactive one and does not inherently prevent unauthorized access.