CompTIA

CAS-003 · Question #714

CAS-003 Question #714: Real Exam Question with Answer & Explanation

The correct answer is B: Separation of duties. Separation of duties (SoD) is the principle that no single individual should hold roles or privileges that span multiple, conflicting areas of authority. Granting the CFO - a financial executive with no operational IT responsibility - domain administrator privileges violates SoD

Question

The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group. The IT department thinks this is risky and wants support from the security manager before proceeding. Which of the following BEST supports the argument against providing the CFO with domain administrator access?

Options

  • A. Discretionary access control
  • B. Separation of duties
  • C. Data classification
  • D. Mandatory access control

Explanation

Separation of duties (SoD) is the principle that no single individual should hold roles or privileges that span multiple, conflicting areas of authority. Granting the CFO - a financial executive with no operational IT responsibility - domain administrator privileges violates SoD by combining financial oversight authority with unrestricted IT control, creating opportunities for fraud, data exfiltration, or accidental misconfiguration. SoD is the most direct argument because it addresses the role conflict itself. Discretionary access control (A) governs how owners grant permissions. Data classification (C) defines data sensitivity. Mandatory access control (D) enforces policy-based access. None of these directly argue against role overlap the way SoD does.
