PrepAway - Latest Free Exam Questions & Answers

Which of the following exemplifies proper separation of…

Which of the following exemplifies proper separation of duties?

PrepAway - Latest Free Exam Questions & Answers

A.
Operators are not permitted modify the system time.

B.
Programmers are permitted to use the system console.

C.
Console operators are permitted to mount tapes and disks.

D.
Tape operators are permitted to use the system console.

Explanation:
Changing the system time would cause logged events to have the wrong time. An operator could commit fraud
and cover his tracks by changing the system time to make it appear as the events happened at a different time.
Ensuring that operators are not permitted modify the system time (another person would be required to modify
the system time) is an example of separation of duties.
The objective of separation of duties is to ensure that one person acting alone cannot compromise the
company’s security in any way. High-risk activities should be broken up into different parts and distributed to
different individuals or departments. That way, the company does not need to put a dangerously high level of
trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than
one person would have to be involved in the fraudulent activity Job rotation in the workplace is a system where
employees work at several jobs in a business, performing each job for a relatively short period of time.
Incorrect Answers:
B: Programmers being permitted to use the system console is not an example of separation of duties.
Separation of duties requires that another person is required to do something thus reducing the chance of
fraud.
C: Console operators being permitted to mount tapes and disks is not an example of separation of duties.
Separation of duties requires that another person is required to do something thus reducing the chance of
fraud.
D: Tape operators being permitted to use the system console is not an example of separation of duties.
Separation of duties requires that another person is required to do something thus reducing the chance of
fraud.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 1235-1236


Leave a Reply