EC-Council


312-50V11 Question #555: Real Exam Question with Answer & Explanation

The correct answer is A. Segregation of duties. The same person approving access and auditing access logs violates the principle of separation of duties, removing the independent oversight that detects abuse.

Information Security and Ethical Hacking Fundamentals

Question

A Network Administrator was recently promoted to Chief Security Officer at a local university. One of the employee's new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location. During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis. Which of the following is an issue with the situation?

Options

  • A. Segregation of duties
  • B. Undue influence
  • C. Lack of experience
  • D. Inadequate disaster recovery plan

Explanation

The same person approving access and auditing access logs violates the principle of separation of duties, removing the independent oversight that detects abuse.

Common mistakes.

  • B. Undue influence refers to coercion or manipulation that compromises decision-making, which is not described in this scenario.
  • C. Lack of experience is not supported by the scenario; the issue is a structural control design flaw, not the administrator's competency.
  • D. An inadequate disaster recovery plan may be a concern for the server room, but the off-site backup is already mentioned and the scenario focuses on access control design.

Concept tested. Separation of duties in access control management

Reference. https://csrc.nist.gov/projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AC-5

Topics

#segregation of duties #RFID access control #security controls #least privilege
