Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?
A.
Limiting the local access of operations personnel
Suggested Answer:A🗳️
The questions specifically said: "within a different function" which eliminate Job Rotation as a choice. Management monitoring of audit logs is a detective control and it would not prevent collusion. Changing passwords regularly would not prevent such attack. This question validates if you understand the concept of separation of duties and least privilege. By having operators that have only the minimum access level they need and only what they need to do their duties within a company, the operations personnel would be force to use collusion to defeat those security mechanism. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Currently there are no comments in this discussion, be the first to comment!
This section is not available anymore. Please use the main Exam Page.SSCP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Comments