I beg to differ on Q 47. The fraud is already detected and resulted in employee's arrest. Hence the Mandatory Vacation goes out the door. The LP and DiD do not come into play as no clear employee function or software/data flow is present in the question. So SOD is the only choice that I would pick.
Im confused by question 47.. it asks which control would PREVENT the fraud, mandatory vacation is not a preventive control, its a detective control that can help you find out about the fraud after it has happened.. at best it could ve considered a deterrent control if the employee is explicitly told ahead of time why he must take mandatory vacation and that he will be under review at that point in time but usually thats not the case, the other answers list preventive controls
I understand your confusion around the word prevention and preventive control. Besides preventive control, other control can also help you prevent crimes and fraud. For example, you may call a dog sign board outside a facility a deterrent control but you may say that it prevents or deters a potential intruder from going inside the facility after seeing the sign. So your explanation is right in the sense that mandatory vacation may have helped early detection of the fraud to prevent it or may have deterred the individual from doing the fraud and could have thus prevented the fraud from occurring.
@mikealpha Thanks for the answer and the video, upon further review I believe there is a mistake in the question text of question 47. I realize that security controls have overlap between eachother and mandatory vacation can be both considered a preventative control and a deterent control,and thus it it is possible that it CAN prevent fraud, even though mostly it's recognized as a preventative control. However seperation of duties for example is also a preventative control and it could also prevent the fraud and we dont have enough information to say that one wouldve been more effective than the other. Also, In the actual answer explanation on the slide it says: "Seperation of duties, least privilige, and defense in depth controls all *May Help Prevent The Fraud In The First Place* but are unlikely to speed the detection of fraud that has already occured." The emphasis of the answer explanation above is on detecting the fruad and the answer explanation clearly also states that all the other answers could've also help prevent the fraud. For this reason I believe there was a mistake in the question text and the question should've been "Which control might have detected this fraud?" isntead and the right answer then is clear - Mandatory Vacation.
@@boyananakiev4896 you are right... the correct answer is SOD or if the detection is mentioned in the word then only mandatory vacations is possible..... Mandatory vacations cannot prevent fraud, whatsoever and is hardly abided principle in any org.
I beg to differ on Q 47. The fraud is already detected and resulted in employee's arrest. Hence the Mandatory Vacation goes out the door. The LP and DiD do not come into play as no clear employee function or software/data flow is present in the question. So SOD is the only choice that I would pick.
q 47
IMO
mandatory vacation if only you state to speed up the process in the question.
Im confused by question 47.. it asks which control would PREVENT the fraud, mandatory vacation is not a preventive control, its a detective control that can help you find out about the fraud after it has happened.. at best it could ve considered a deterrent control if the employee is explicitly told ahead of time why he must take mandatory vacation and that he will be under review at that point in time but usually thats not the case, the other answers list preventive controls
I understand your confusion around the word prevention and preventive control.
Besides preventive control, other control can also help you prevent crimes and fraud.
For example, you may call a dog sign board outside a facility a deterrent control but you may say that it prevents or deters a potential intruder from going inside the facility after seeing the sign.
So your explanation is right in the sense that mandatory vacation may have helped early detection of the fraud to prevent it or may have deterred the individual from doing the fraud and could have thus prevented the fraud from occurring.
@mikealpha Thanks for the answer and the video, upon further review I believe there is a mistake in the question text of question 47.
I realize that security controls have overlap between eachother and mandatory vacation can be both considered a preventative control and a deterent control,and thus it it is possible that it CAN prevent fraud, even though mostly it's recognized as a preventative control. However seperation of duties for example is also a preventative control and it could also prevent the fraud and we dont have enough information to say that one wouldve been more effective than the other.
Also, In the actual answer explanation on the slide it says: "Seperation of duties, least privilige, and defense in depth controls all *May Help Prevent The Fraud In The First Place* but are unlikely to speed the detection of fraud that has already occured."
The emphasis of the answer explanation above is on detecting the fruad and the answer explanation clearly also states that all the other answers could've also help prevent the fraud.
For this reason I believe there was a mistake in the question text and the question should've been "Which control might have detected this fraud?" isntead and the right answer then is clear - Mandatory Vacation.
@@boyananakiev4896 you are right... the correct answer is SOD or if the detection is mentioned in the word then only mandatory vacations is possible..... Mandatory vacations cannot prevent fraud, whatsoever and is hardly abided principle in any org.