CISSP question

ankurj.hazarikaankurj.hazarika Member Posts: 56 ■■□□□□□□□□
in SSCP
The ability of one person in the finance department to add vendors to the vendor database and subsequently pay the vendor violates which concept?


A.A well-formed transaction
B.Separation of duties
C.Least privilege
D.Sensitivity level

Which one and why?
· Share on FacebookShare on Twitter

Comments

  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    B.Separation of duties
    · Share on FacebookShare on Twitter
  • ankurj.hazarikaankurj.hazarika Member Posts: 56 ■■□□□□□□□□
    [FONT=&quot]I am of the same opinion man, but the site says “c”. How the hell can it be “c”? The site didn’t provide any explanation.[/FONT]
    · Share on FacebookShare on Twitter
  • cyberguyprcyberguypr Mod Posts: 6,927 Mod
    What site was that? You may need a new study resource. This question appears verbatim in the OIG and has B as the answer.

    "Separation of duties ensures fraud or other undesirable behavior cannot occur without collusion between two or more parties"
    · Share on FacebookShare on Twitter
  • beadsbeads Member Posts: 1,525 ■■■■■■■■■□
    Many quiz books and sites will fall victim to either well meaning editing, typesetting or an authors blunder. Sometimes you read these things and you just have to wonder where it went wrong.

    Now, if your source has many of these little mistakes. Get rid of it. If this is just a single one-off then mark the answer correctly but there is no disagreement as to the intended answer should be: B.) Separation of Duties. One person adding vendors to a database. No one to authorize the addition. Same said person is also paying vendors from the same database. Really needs three people to complete this transaction. In audit this would be a lack of compensating control as well.

    Never seen any study guide to be 100 percent correct and even occasionally on a test as well.

    - b/eads
    · Share on FacebookShare on Twitter
Sign In or Register to comment.