CISSP question
ankurj.hazarika
Member Posts: 56 ■■□□□□□□□□
in SSCP
The ability of one person in the finance department to add vendors to the vendor database and subsequently pay the vendor violates which concept?
A.A well-formed transaction
B.Separation of duties
C.Least privilege
D.Sensitivity level
Which one and why?
A.A well-formed transaction
B.Separation of duties
C.Least privilege
D.Sensitivity level
Which one and why?
Comments
-
ankurj.hazarika Member Posts: 56 ■■□□□□□□□□[FONT="]I am of the same opinion man, but the site says “c”. How the hell can it be “c”? The site didn’t provide any explanation.[/FONT]
-
cyberguypr Mod Posts: 6,928 ModWhat site was that? You may need a new study resource. This question appears verbatim in the OIG and has B as the answer.
"Separation of duties ensures fraud or other undesirable behavior cannot occur without collusion between two or more parties" -
beads Member Posts: 1,533 ■■■■■■■■■□Many quiz books and sites will fall victim to either well meaning editing, typesetting or an authors blunder. Sometimes you read these things and you just have to wonder where it went wrong.
Now, if your source has many of these little mistakes. Get rid of it. If this is just a single one-off then mark the answer correctly but there is no disagreement as to the intended answer should be: B.) Separation of Duties. One person adding vendors to a database. No one to authorize the addition. Same said person is also paying vendors from the same database. Really needs three people to complete this transaction. In audit this would be a lack of compensating control as well.
Never seen any study guide to be 100 percent correct and even occasionally on a test as well.
- b/eads