PrepAway - Latest Free Exam Questions & Answers

A policy that states a user must have a business requirement to view data before attempting to do so is an example of enforcing what?

A. Least privilege

B. Need to know

C. Rotation of duties

D. Separation of duties

Explanation:
Answer B is correct; need to know means the user must have a need (requirement) to access a specific object before doing so.

Incorrect Answers and Explanations: A, C, and D: Answers A, C, and D are incorrect. Least privilege is less granular than need to know: users have the least amount of privilege to do their jobs, but objects are still typically grouped together (such as allowing access to all backup tapes for a backup administrator). Separation of duties is designed to divide sensitive tasks among multiple subjects. Rotation of duties is designed to mitigate collusion.

