
CERTIFIED-IN-CYBERSECURITY Question #491: Real Exam Question with Answer & Explanation


Security Principles

Question

Which is the PRIMARY objective of the principle of segregation of duties?

Options

  • A. To ensure all tasks are verified twice before completion
  • B. To ensure that no one person should control an entire high-risk task from start to finish
  • C. To ensure all employees are equally knowledgeable about all tasks
  • D. To distribute high-risk tasks evenly among employees that should perform them

Explanation

The correct answer is B. Segregation of duties is a key principle in cybersecurity that ensures that no one person has control over an entire high-risk task from beginning to end. This principle is designed to prevent fraud and errors by requiring more than one person to complete a task (see the ISC2 Study Guide, Chapter 3, Module 1). For example, in a financial institution, one employee may be responsible for initiating a wire transfer, while another employee must approve the transaction. Segregation of duties also typically applies to system administration activities, such as elevating privileges and using administrative tools. The remaining options do not represent the concept of segregation of duties. Verifying all tasks twice before completion is not a standard cybersecurity practice and can lead to inefficiencies. Spreading the workload evenly among employees is a management strategy, not a cybersecurity principle. Ensuring that all employees are equally knowledgeable about all tasks is impractical and often unnecessary.

Topics

Segregation of Duties, Security Principles, Administrative Controls, Risk Management
