nerdexam
(ISC)2

CISSP-ISSMP · Question #22

CISSP-ISSMP Question #22: Real Exam Question with Answer & Explanation

The correct answer is A: Collusion.

Security Leadership and Management

Question

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Options

  • A. Collusion
  • B. Eavesdropping
  • C. Buffer overflow
  • D. Phishing

Explanation

Collusion can be prevented by an organization using job rotation and separation of duties (SoD). Separation of duties is the concept, and a part of an organization's policy, of requiring more than one person to complete a task. It implements an appropriate level of checks and balances upon the activities of individuals. With the concept of SoD, business-critical duties can be categorized into four types of functions: authorization, custody, record keeping, and reconciliation. In a perfect system, no person should handle more than one type of function. Separation of duties helps reduce the potential damage from the actions of one person. As an organization's policy, it also helps to prevent collusion.

Answer option B is incorrect. Eavesdropping is the process of listening in on private conversations. It also includes attackers listening in on network traffic. For example, it can be done over telephone lines (wiretapping), e-mail, instant messaging, and any other method of communication considered private.

Answer option C is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. It helps an attacker not only to execute malicious code on the target system but also to install backdoors on the target system for further attacks. All buffer overflow attacks are due only to sloppy programming or poor memory management by the application developers. The main types of buffer overflows are:

Topics

#Job rotation #Separation of duties #Insider threat mitigation #Collusion prevention
