CISSP · Question #853
Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?
The correct answer is B. Dynamic separation of duties. In Role-Based Access Control (RBAC), improper aggregation of privileges occurs when a user ends up with excessive permissions by accumulating multiple roles or privileges that conflict with the principle of least privilege. This can lead to security risks, such as a user gaining
Question
Options
- AHierarchical inheritance
- BDynamic separation of duties
- CThe Clark-Wilson security model
- DThe Bell-LaPadula security model
How the community answered
(31 responses)- A3% (1)
- B84% (26)
- C10% (3)
- D3% (1)
Explanation
In Role-Based Access Control (RBAC), improper aggregation of privileges occurs when a user ends up with excessive permissions by accumulating multiple roles or privileges that conflict with the principle of least privilege. This can lead to security risks, such as a user gaining both the ability to perform a privileged action and a conflicting action, potentially allowing fraud or abuse. Dynamic separation of duties is the feature of an RBAC system that helps prevent improper aggregation of privileges. It enforces policies where certain roles or permissions cannot be combined for a single user, or where specific tasks are restricted based on their inherent conflict with other roles. This prevents a user from accumulating conflicting or excessive privileges, ensuring that critical tasks are properly separated.
Topics
Community Discussion
No community discussion yet for this question.