
SY0-501 Question #50: Real Exam Question with Answer & Explanation

The correct answer is C: Require all new accounts to be handled by someone else other than a teller since they have. The bank requires a robust implementation of separation of duties to prevent tellers from independently opening new accounts without proper management approval, as current controls are failing.

Submitted by miguelv · Mar 4, 2026

Question

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could:

Options

  • A. Require the use of two different passwords held by two different individuals to open an
  • B. Administer account creation on a role based access control approach
  • C. Require all new accounts to be handled by someone else other than a teller since they have
  • D. Administer account creation on a rule based access control approach

Explanation

The bank requires a robust implementation of separation of duties to prevent tellers from independently opening new accounts without proper management approval, as current controls are failing.

Common mistakes.

  • A. While requiring two different passwords adds a layer of dual control, it does not inherently prevent tellers from having the capability to open accounts, nor does it guarantee that the second individual represents a truly separate and independent role in the process.
  • B. Role-Based Access Control (RBAC) is a mechanism for assigning permissions based on roles, but simply using RBAC does not guarantee separation of duties if the 'teller' role is still granted the permission to create accounts.
  • D. Rule-Based Access Control (RuBAC) grants or denies access based on defined rules, but like RBAC, merely implementing RuBAC does not specify the specific rule that would enforce separation of duties, nor does it address the underlying issue of tellers retaining account creation capabilities.

Concept tested. Implementing Separation of Duties (SoD)

Reference. https://learn.microsoft.com/en-us/azure/governance/blueprints/concepts/separation-of-duties
