New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 SSCP Exam - Topic 7 Question 1 Discussion

Actual exam question for ISC2's SSCP exam
Question #: 1
Topic #: 7
[All SSCP Questions]

Which of the following exemplifies proper separation of duties?

Show Suggested Answer Hide Answer
Suggested Answer: A

This is an example of Separation of Duties because operators are prevented from modifying the system time which could lead to fraud. Tasks of this nature should be performed by they system administrators.

AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.

The following answers are incorrect:

Programmers are permitted to use the system console. Is incorrect because programmers should not be permitted to use the system console, this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur so this is not an example of Separation of Duties..

Console operators are permitted to mount tapes and disks. Is incorrect because operators should be able to mount tapes and disks so this is not an example of Separation of Duties.

Tape operators are permitted to use the system console. Is incorrect because operators should be able to use the system console so this is not an example of Separation of Duties.

References:

OIG CBK Access Control (page 98 - 101)

AIOv3 Access Control (page 182)


by Josephine at May 08, 2022, 01:47 AM

Limited Time Offer

25%

Off

Get Premium SSCP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lashandra
4 months ago
I thought all operators should have some console access?
upvoted 0 times
...
Ernest
4 months ago
Wait, are we really allowing tape operators at the console?
upvoted 0 times
...
Daren
4 months ago
C and D are a big no for separation of duties.
upvoted 0 times
...
Janey
4 months ago
I disagree, B seems fine too.
upvoted 0 times
...
Janna
5 months ago
A is definitely the right choice.
upvoted 0 times
...
Eileen
5 months ago
I vaguely recall that tape operators should have limited access, so option D seems like a bad example of separation of duties too.
upvoted 0 times
...
Launa
5 months ago
I feel like option C is definitely wrong since allowing console operators to mount tapes and disks could lead to security issues.
upvoted 0 times
...
Lashunda
5 months ago
I'm not entirely sure, but I remember something about console access being a risk. Maybe option B is not a good example of separation of duties?
upvoted 0 times
...
Layla
5 months ago
I think option A makes sense because not modifying the system time helps prevent unauthorized changes.
upvoted 0 times
...
Fausto
5 months ago
I'm a little confused by the wording of the question. It mentions path selection and path quality, but none of the options seem to directly address that. I'll have to re-read the question and options a few times to make sure I understand what they're asking for.
upvoted 0 times
...
Rocco
5 months ago
I think the product life cycle might be significant too, but can it really beat profit maximization in importance?
upvoted 0 times
...
Emilio
5 months ago
I feel confident about this one. The employee being given an unfair appraisal would be a valid grievance, as it's not a disciplinary issue.
upvoted 0 times
...
Thad
5 months ago
I remember practice questions where brute force attacks were mentioned. RDP and SSH both sound like they could target the OS as well.
upvoted 0 times
...
Nikita
5 months ago
I suppose it could be tricky, but isn't staff resistance just a change management issue? I wonder if that's less about suitability and more about execution.
upvoted 0 times
...

Save Cancel