PrepAway - Latest Free Exam Questions & Answers

Which type of authorization policy would BEST address this practice?

An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and
encourage crosstraining. Which type of authorization policy would BEST address this practice?

PrepAway - Latest Free Exam Questions & Answers

A.
Multilevel

B.
Role-based

C.
Discretionary

D.
Attribute-based

Explanation:

A role-based policy will associate data access with the role performed by an individual, thus
restricting access to data required to perform the individual’s tasks. Multilevel policies are based
on classifications and clearances. Discretionary policies leave access decisions up to information
resource managers.


Leave a Reply