Least privilege vs separation of duties

I came across a question worded similarly to the following:

An administrator is provided two accounts:

Administrative privileges (no network privileges)
Network services (no admin privileges)

Which describes this scenario?

A. Mandatory Access Control
B. Least Privilege
C. Separation of duties
D. Multi-factor authentication

The answer is "B", but why not "C"?

Find more posts tagged with

Comments

Darril

The separation of duties principle separates the duties for a specific activity between two or more people. In your example, only one person (the administrator) is mentioned.

While this is a good account management practice, I'm not sure it's a good example of a least privilege though.

I'm thinking you must be pretty close to taking this exam. Do you have a target date in mind?

cyberguypr

Just wanted to add a link that digs into the concept of separation of duties. There you can see clear examples of its importance in IT.

Separation of Duties in Information Technology