nerdexam
(ISC)2

CISSP · Question #112

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user busi

The correct answer is D. separation of duties.. The capabilities of the system that allow its business users to perform business functions but not user administration functions, and its application administrators to perform administration functions but not user business functions, are best described as separation of duties. Se

Submitted by layla.eg· Mar 5, 2026Identity and Access Management (IAM)

Question

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

Options

  • Aleast privilege.
  • Brule based access controls.
  • CMandatory Access Control (MAC).
  • Dseparation of duties.

How the community answered

(28 responses)
  • B
    4% (1)
  • C
    7% (2)
  • D
    89% (25)

Explanation

The capabilities of the system that allow its business users to perform business functions but not user administration functions, and its application administrators to perform administration functions but not user business functions, are best described as separation of duties. Separation of duties is a security principle that divides the roles and responsibilities of different tasks or functions among different individuals or groups, so that no one person or group has complete control or authority over a critical process or asset. Separation of duties can help to prevent fraud, collusion, abuse, or errors, and to ensure accountability, oversight, and checks and balances. Least privilege, rule based access controls, and Mandatory Access Control (MAC) are not the best descriptions of the capabilities of the system, as they do not reflect the division of roles and responsibilities among different users or groups.

Topics

#separation of duties#least privilege#access control#security principles

Community Discussion

No community discussion yet for this question.

Full CISSP Practice