Home
Certification Preparation
(ISC)²
SSCP
CISSP question
ankurj.hazarika
The ability of one person in the finance department to add vendors to the vendor database and subsequently pay the vendor violates which concept?
A.A well-formed transaction
B.Separation of duties
C.Least privilege
D.Sensitivity level
Which one and why?
Find more posts tagged with
Comments
Archon
B.Separation of duties
ankurj.hazarika
[FONT="]I am of the same opinion man, but the site says “c”. How the hell can it be “c”? The site didn’t provide any explanation.[/FONT]
cyberguypr
What site was that? You may need a new study resource. This question appears verbatim in the OIG and has B as the answer.
"Separation of duties ensures fraud or other undesirable behavior cannot occur without collusion between two or more parties"
beads
Many quiz books and sites will fall victim to either well meaning editing, typesetting or an authors blunder. Sometimes you read these things and you just have to wonder where it went wrong.
Now, if your source has many of these little mistakes. Get rid of it. If this is just a single one-off then mark the answer correctly but there is no disagreement as to the intended answer should be: B.) Separation of Duties. One person adding vendors to a database. No one to authorize the addition. Same said person is also paying vendors from the same database. Really needs three people to complete this transaction. In audit this would be a lack of compensating control as well.
Never seen any study guide to be 100 percent correct and even occasionally on a test as well.
- b/eads
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
