nerdexam
(ISC)2

CISSP · Question #264

Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

The correct answer is B. Separation of duties. Separation of duties is a security control that divides critical processes among multiple individuals to prevent any single person from completing a sensitive task alone, reducing fraud and error risk.

Submitted by takeshi77· Mar 5, 2026Identity and Access Management

Question

Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

Options

  • AJob rotation
  • BSeparation of duties
  • CLeast privilege
  • DMandatory vacations

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    88% (30)
  • C
    6% (2)
  • D
    3% (1)

Why each option

Separation of duties is a security control that divides critical processes among multiple individuals to prevent any single person from completing a sensitive task alone, reducing fraud and error risk.

AJob rotation

Job rotation periodically moves employees between roles to expose fraud or build cross-functional knowledge, but it does not structurally prevent one person from completing all steps of a process simultaneously.

BSeparation of dutiesCorrect

Separation of duties deliberately splits a process into distinct steps assigned to different individuals, ensuring no single person can execute an entire sensitive workflow end-to-end. This control directly restricts an individual's ability to carry out all steps of a process, making collusion necessary for abuse. It is a foundational internal control used in both IT and financial security frameworks.

CLeast privilege

Least privilege restricts a user's access rights to only what is needed for their specific job function, but it focuses on limiting permissions rather than dividing process steps among multiple people.

DMandatory vacations

Mandatory vacations are a detective control designed to uncover fraud that requires the perpetrator's continuous presence, not a preventive control that restricts who can perform each step of a process.

Concept tested: Separation of duties as a preventive security control

Source: https://csrc.nist.gov/glossary/term/separation_of_duty

Topics

#Separation of duties#Internal controls#Access control principles

Community Discussion

No community discussion yet for this question.

Full CISSP Practice