ISC2 Exam SSCP Topic 7 Question 1 Discussion

Actual exam question for ISC2's Systems Security Certified Practitioner exam

Question #: 1
Topic #: 7

[All Systems Security Certified Practitioner Questions]

Which of the following exemplifies proper separation of duties?

AOperators are not permitted modify the system time.

BProgrammers are permitted to use the system console.

CConsole operators are permitted to mount tapes and disks.

DTape operators are permitted to use the system console.

Show Suggested Answer

Suggested Answer: A

This is an example of Separation of Duties because operators are prevented from modifying the system time which could lead to fraud. Tasks of this nature should be performed by they system administrators.

AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.

The following answers are incorrect:

Programmers are permitted to use the system console. Is incorrect because programmers should not be permitted to use the system console, this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur so this is not an example of Separation of Duties..

Console operators are permitted to mount tapes and disks. Is incorrect because operators should be able to mount tapes and disks so this is not an example of Separation of Duties.

Tape operators are permitted to use the system console. Is incorrect because operators should be able to use the system console so this is not an example of Separation of Duties.

References:

OIG CBK Access Control (page 98 - 101)

AIOv3 Access Control (page 182)

by Josephine at May 08, 2022, 01:47 AM

Limited Time Offer

25%

Off

Get Premium SSCP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!