CISSP Sybex Official Study Guide Chapter 16 Review Questions Flashcards
An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following?
A. Principle of least permission
B. Separation of duties
C. Need-to-know
D. Role-Based Access Control
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 732). Wiley. Kindle Edition.
An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization?
A. Read
B. Modify
C. Full access
D. No access
Which of the following statements best describes why separation of duties is important for security purposes?
A. It ensures that multiple people can do the same job.
B. It prevents an organization from losing important information when they lose important people.
C. It prevents any single IT security person from making major security changes without involving other individuals.
D. It helps employees concentrate their talents where they will be most useful.
What is a primary benefit of job rotation and separation of duties policies?
A. Preventing collusion
B. Preventing fraud
C. Encouraging collusion
D. Correcting incidents