DS0-001 Question #132: Real Exam Question with Answer & Explanation
The correct answer is A: System security plan.
Question
A security auditor at an organization wants to compile a list of individuals who have access to the database and their roles. Which of the following is the best source of information about an organization's access control requirements?
Options
- A. System security plan
- B. Incident response protocol
- C. Disaster recovery document
- D. Data dictionary
Explanation
A System Security Plan (SSP) is the authoritative document that captures an organization's security posture, including who has access to systems, what roles they hold, and the controls governing that access - making it the natural first stop when auditing database permissions. The Incident Response Protocol focuses on how to react when security events occur, not on defining or documenting access rights. A Disaster Recovery Document addresses business continuity and restoration procedures after an outage, which has no bearing on user roles or access lists. A Data Dictionary defines the structure, meaning, and relationships of data elements in a database, but not who is allowed to access them.
Memory tip: Think of the SSP as the "security blueprint" of an organization - if it governs who can do what with a system, the SSP is where that information lives.