Systems Security Certified Practitioner – SSCP – Question0424

Which of the following would assist the most in Host Based intrusion detection?

A. audit trails.
B. access control lists.
C. security clearances.
D. host-based authentication.

Correct Answer: A

Explanation:

To assist in intrusion detection you would review audit logs for access violations.
The following answers are incorrect:
access control lists. This is incorrect because access control lists determine who has access to what but do not detect intrusions.
security clearances. This is incorrect because security clearances determine who has access to what but do not detect intrusions.
host-based authentication. This is incorrect because host-based authentication determines who has been authenticated to the system but does not detect intrusions.

Systems Security Certified Practitioner – SSCP – Question0423

A timely review of system access audit records would be an example of which of the basic security functions?

A. avoidance
B. deterrence
C. prevention
D. detection

Correct Answer: D

Explanation:

By reviewing system logs you can detect events that have occurred.
The following answers are incorrect:
avoidance. This is incorrect; avoidance is a distractor. By reviewing system logs you have not avoided anything.
deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.
prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.

Systems Security Certified Practitioner – SSCP – Question0422

Which of the following is needed for System Accountability?

A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.

Correct Answer: A

Explanation:

System accountability is a means of being able to track user actions. Through the use of audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed. Accountability is the ability to identify users and to be able to track user actions.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. This is incorrect because the Common Criteria is an international standard used to evaluate trust and would not be a factor in system accountability.
Authorization. This is incorrect because authorization is granting access to subjects; just because a subject has authorization does not hold the subject accountable for their actions.
Formal verification of system design. This is incorrect because all you have done is verify the system design; you have not taken any steps toward system accountability.
References: OIG CBK Glossary (page 778)

Systems Security Certified Practitioner – SSCP – Question0421

In what way could Java applets pose a security threat?

A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and SHTTP
B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system.
C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.
D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.

Correct Answer: C

Explanation:

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Systems Security Certified Practitioner – SSCP – Question0420

At what stage of the applications development process should the security department become involved?

A. Prior to the implementation
B. Prior to systems testing
C. During unit testing
D. During requirements development

Correct Answer: D

Explanation:

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Systems Security Certified Practitioner – SSCP – Question0419

What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?

A. Disclosure of residual data.
B. Unauthorized obtaining of a privileged execution state.
C. Denial of service through a deadly embrace.
D. Data leakage through covert channels.

Correct Answer: A

Explanation:

This question is asking you to consider the effects of object reuse. Object reuse is “reassigning to a subject media that previously contained information. Object reuse is a security concern because if insufficient measures were taken to erase the information on the media, the information may be disclosed to unauthorized personnel.”
This concept relates to Security Architecture and Design because it is in level C2, Controlled Access Protection, of the Orange Book, where “The object reuse concept must be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use.”
REFERENCE:
AIO Version 5 (Shon Harris), page 360 and TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Systems Security Certified Practitioner – SSCP – Question0418

Which of the following describes a logical form of separation used by secure computing systems?

A. Processes use different levels of security for input and output devices.
B. Processes are constrained so that each cannot access objects outside its permitted domain.
C. Processes conceal data and computations to inhibit access by outside processes.
D. Processes are granted access based on granularity of controlled objects.

Correct Answer: B

Explanation:

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Systems Security Certified Practitioner – SSCP – Question0417

The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concepts?

A. The reference monitor.
B. Discretionary Access Control.
C. The Security Kernel.
D. Mandatory Access Control.

Correct Answer: A

Explanation:

The reference monitor concept is an abstract machine that ensures that all subjects have the necessary access rights before accessing objects. Therefore, the kernel mediates all accesses to objects by subjects and does so by validating them through the reference monitor concept.
The kernel does not decide whether or not the access will be granted; it is the reference monitor, a subset of the kernel, that says YES or NO.
All access requests are intercepted by the kernel, validated through the reference monitor, and then access is either denied or granted according to the request and the subject's privileges within the system.
1. The reference monitor must be small enough to be fully tested and validated.
2. The kernel must MEDIATE all access requests from subjects to objects.
3. The processes implementing the reference monitor must be protected.
4. The reference monitor must be tamperproof.
The following answers are incorrect:
The security kernel is the mechanism that actually enforces the rules of the reference monitor concept.
The other answers are distractors.
Shon Harris, All In One, 5th Edition, Security Architecture and Design, page 330; also see http://en.wikipedia.org/wiki/Reference_monitor

Systems Security Certified Practitioner – SSCP – Question0416

What is the most secure way to dispose of information on a CD-ROM?

A. Sanitizing
B. Physical damage
C. Degaussing
D. Physical destruction

Correct Answer: D

Explanation:

First you have to realize that the question is specifically talking about a CD-ROM. The information stored on a CD-ROM is not in electromagnetic format, so a degausser would be ineffective.
You cannot sanitize a CD-ROM, but you might be able to sanitize a CD-RW. A CD-ROM is a write-once device and cannot be overwritten like a hard disk or other magnetic device.
Physical damage would not be enough, as information could still be extracted in a lab from the undamaged portion of the media, or even from the pieces after the physical damage has been done.
Physical destruction using a shredder, your microwave oven, or melting it would be very effective and is the best choice for non-magnetic media such as a CD-ROM.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Systems Security Certified Practitioner – SSCP – Question0415

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?

A. Limiting the local access of operations personnel
B. Job rotation of operations personnel
C. Management monitoring of audit logs
D. Enforcing regular password changes

Correct Answer: A

Explanation:

The question specifically says “within a different function”, which eliminates job rotation as a choice.
Management monitoring of audit logs is a detective control and would not prevent collusion. Changing passwords regularly would not prevent such an attack.
This question validates whether you understand the concepts of separation of duties and least privilege. By having operators with only the minimum access level they need, and only what they need to do their duties within the company, the operations personnel would be forced to use collusion to defeat those security mechanisms.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.