Exam CAS-004 topic 1 question 309 discussion

o D. Least privilege: to meet the security requirements of assigning permissions based on role, preventing fraud from a single person, and ensuring no single entity has full access control. This security principle means granting users only the minimum level of access needed to perform their job functions, effectively limiting their ability to access sensitive data or perform unauthorized actions. o B. Separation of duties: While important for preventing fraud, it might not fully address the requirement of limiting access for individual users. Separation of duties ensures that critical tasks are handled by different people, but it doesn't necessarily restrict individual user access to sensitive data if they have the necessary role-based permissions.

B. agree, it implies all the requirements.

B. Separation of duties The company can use the concept of Separation of Duties to meet these requirements. Here's how each requirement aligns with Separation of Duties: Permissions based on role: Separation of Duties ensures that permissions and responsibilities are divided among multiple individuals or roles. This means that different roles will have different sets of permissions based on their responsibilities. Preventing fraud from a single person: By separating critical tasks or functions, it becomes more difficult for a single individual to carry out fraudulent activities without detection. This helps to mitigate the risk of fraud. Preventing a single entity from having full access control: Separation of Duties ensures that no single entity or individual has full control or authority over all aspects of a system or process. This reduces the risk of misuse or abuse of privileges.

Separation of duties for sure!