CERTIFIED-IN-CYBERSECURITY Question #138: Real Exam Question with Answer & Explanation
The correct answer is A: Requiring approval before accessing privileged tools.
Question
Which of the following is an implementation of an administrative control?
Options
- A. Requiring approval before accessing privileged tools
- B. Utilizing a turnstile to deter tailgating
- C. Installing video cameras to oversee access to a facility
- D. Placing a sign to direct suppliers to their entrance
Explanation
Requiring authorization before accessing privileged tools is an example of an administrative control, specifically an instance of segregation of duties (SoD), which refers to the division of roles and responsibilities among different people to reduce the risk of potential errors or fraud. For example, in a software development organization, a developer may need access to certain privileged tools for debugging purposes. However, instead of granting unrestricted access, the company's policy can require that the developer first obtain approval from a manager or system administrator. This divides the responsibility for accessing privileged tools between the requester and the approver, ensuring that no single person has complete control over this sensitive task.

The remaining examples are physical controls, not administrative controls. Using a turnstile to prevent tailgating is a physical control. Posting a sign to direct vendors to their entrance is a physical control that manages the flow of people through a facility. Installing video cameras to monitor access to a facility is a physical control that monitors and records physical access.