A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit
shows that there have been four cases in the previous year where tellers opened accounts without
management approval. The bank president thought separation of duties would prevent this from happening. In
order to implement a true separation of duties approach the bank could:
A.
Require the use of two different passwords held by two different individuals to open an account
B.
Administer account creation on a role based access control approach
C.
Require all new accounts to be handled by someone else other than a teller since they have different duties
D.
Administer account creation on a rule based access control approach
Is there anybody who knows correct answer?
I think it could be also A. The main idea of separation of duties is to not provide one person full control. If we choose A this approach will is observed.
0
0
The correct answer is A.
0
1
I disagree. The statement requires that a manager must give approval, not tellers. If you select ‘A’, whose to say that they aren’t both Tellers. The key phrase here is ‘someone else other than the Teller’ as the scenario states.
0
0
I would say it is D. The teller can create the account ONLY IF the manager gives approval. This is rule-based.
0
0
I think it is B – Role-based access control and separation of duties association
0
0
I thought the answer was B, too. At least it can’t be D.
0
0
Anyone see C as an answer? I think it is C since teller has a main role of taking care of customer bank transaction, taking the creating of new account duities completely out of them. Well most banks are following this procedure anyway in real world.
0
0