
CERTIFIED-IN-CYBERSECURITY Question #537: Real Exam Question with Answer & Explanation

The correct answer is B: A system password with two separate parts, with no single person knowing the full password.

Security Principles

Question

Which of the following is an example of dual control?

Options

  • A. Two or more individuals sharing access to the same device
  • B. A system password with two separate parts, with no single person knowing the full password
  • C. Two or more individuals submitting a proposal for a system configuration change and both
  • D. An employee creating an invoice for payment to a vendor and getting it approved by a manager

Explanation

A system password with two separate parts that no one person knows in full is an example of dual control (where two or more people are required to complete a sensitive task). See the ISC2 Study Guide, Chapter 3, Module 1. For example, in a banking environment, two employees may be required to enter their unique part of a password to authorize a large financial transaction. This ensures that no single person has complete control over sensitive operations, reducing the risk of fraud or misuse.

The other options are incorrect because they do not accurately represent dual control. An employee who creates an invoice and has it approved by a manager is an example of segregation of duties, not dual control. Two or more people sharing access to the same device is a security risk, not a control measure. Finally, two or more people submitting a proposal for a system configuration change and both reviewing the proposal is an example of peer review or collaboration, not dual control.

Topics

#Dual Control  #Security Controls  #Access Control  #Governance
