CERTIFIED-IN-CYBERSECURITY · Question #192
The correct answer is D: Separation of duties.
Question
What access control principle prevents someone from both creating a new user account and assigning that account superuser privileges within the same system?
Options
- A. Least privilege
- B. Security through obscurity
- C. Job rotation
- D. Separation of duties
Explanation
Separation of duties is a principle that requires multiple individuals to participate in a sensitive task, with each person assigned a different role (see ISC2 Study Guide, Chapter 3, Module 1). Because no single person holds every role, nobody can both create a new user account and assign that account superuser privileges within the same system. To illustrate the concept, imagine that Alice is responsible for creating new user accounts as part of her role in the IT department. Another individual (let's call him Bob) is responsible for assigning user roles and privileges, including superuser privileges. When a request arrives to create a user account with superuser privileges, Alice can create the account, but she cannot assign the superuser privileges to it; only Bob has that authority. Conversely, Bob cannot create new user accounts; only Alice can. Regarding the other options: least privilege limits user access to only the minimum information and functionality necessary to perform their job functions; job rotation is a policy requiring employees to rotate positions periodically; and security through obscurity relies on secrecy rather than robust security measures to protect systems or data.