nerdexam
(ISC)2

CISSP · Question #853

Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?

The correct answer is B. Dynamic separation of duties. In Role-Based Access Control (RBAC), improper aggregation of privileges occurs when a user ends up with excessive permissions by accumulating multiple roles or privileges that conflict with the principle of least privilege. This can lead to security risks, such as a user gaining

Submitted by weili_xi· Mar 5, 2026Identity and Access Management

Question

Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?

Options

  • AHierarchical inheritance
  • BDynamic separation of duties
  • CThe Clark-Wilson security model
  • DThe Bell-LaPadula security model

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    84% (26)
  • C
    10% (3)
  • D
    3% (1)

Explanation

In Role-Based Access Control (RBAC), improper aggregation of privileges occurs when a user ends up with excessive permissions by accumulating multiple roles or privileges that conflict with the principle of least privilege. This can lead to security risks, such as a user gaining both the ability to perform a privileged action and a conflicting action, potentially allowing fraud or abuse. Dynamic separation of duties is the feature of an RBAC system that helps prevent improper aggregation of privileges. It enforces policies where certain roles or permissions cannot be combined for a single user, or where specific tasks are restricted based on their inherent conflict with other roles. This prevents a user from accumulating conflicting or excessive privileges, ensuring that critical tasks are properly separated.

Topics

#RBAC#separation of duties#privilege aggregation#access control

Community Discussion

No community discussion yet for this question.

Full CISSP Practice