CISSP · Question #112
A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user busi
The correct answer is D. separation of duties.. The capabilities of the system that allow its business users to perform business functions but not user administration functions, and its application administrators to perform administration functions but not user business functions, are best described as separation of duties. Se
Question
A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as
Options
- Aleast privilege.
- Brule based access controls.
- CMandatory Access Control (MAC).
- Dseparation of duties.
How the community answered
(28 responses)- B4% (1)
- C7% (2)
- D89% (25)
Explanation
The capabilities of the system that allow its business users to perform business functions but not user administration functions, and its application administrators to perform administration functions but not user business functions, are best described as separation of duties. Separation of duties is a security principle that divides the roles and responsibilities of different tasks or functions among different individuals or groups, so that no one person or group has complete control or authority over a critical process or asset. Separation of duties can help to prevent fraud, collusion, abuse, or errors, and to ensure accountability, oversight, and checks and balances. Least privilege, rule based access controls, and Mandatory Access Control (MAC) are not the best descriptions of the capabilities of the system, as they do not reflect the division of roles and responsibilities among different users or groups.
Topics
Community Discussion
No community discussion yet for this question.