A company is designing a new system that must have high security. This new system has the following requirements: Permissions must be assigned based on role. Fraud from a single person must be prevented. A single entity must not have full access control. Which of the following can the company use to meet these requirements?

The correct answer is: B. Separation of duties Separation of duties is a security principle designed to prevent fraud and reduce the risk of errors or malicious actions by ensuring that no single person has complete control over a critical process or system. In this case: Permissions assigned based on role: Separation of duties aligns with role-based access control (RBAC), where different roles are assigned specific permissions to avoid overlapping responsibilities. Fraud prevention: By dividing responsibilities among multiple individuals, no single person has enough access or authority to commit fraud without collusion. No single entity with full control: Separation of duties ensures that critical actions (e.g., authorizing, executing, and reviewing transactions) are distributed among multiple roles. Why the other options are incorrect: Dual responsibility: Incorrect: Dual responsibility requires two people to perform a task together, which is related but does not directly implement role-based permissions or address separation of critical responsibilities. Need to know: Incorrect: Need to know restricts access to information based on what is necessary for a role or task but does not explicitly prevent full access control or address the division of responsibilities. Least privilege: Incorrect: Least privilege ensures that users only have the minimum permissions needed to perform their tasks. While important for security, it does not explicitly address dividing responsibilities or preventing fraud from a single individual.

A company is designing a new system that must have high secu

A company is designing a new system that must have high secu - CompTIA CAS-005

Question

A company is designing a new system that must have high security. This new system has the following requirements:

Permissions must be assigned based on role.
Fraud from a single person must be prevented.
A single entity must not have full access control.

Which of the following can the company use to meet these requirements?

Answers

Dual responsibility
correct

Separation of duties
Need to know
Least privilege

Explanation

The correct answer is: B. Separation of duties

Separation of duties is a security principle designed to prevent fraud and reduce the risk of errors or malicious actions by ensuring that no single person has complete control over a critical process or system. In this case:

Permissions assigned based on role: Separation of duties aligns with role-based access control (RBAC), where different roles are assigned specific permissions to avoid overlapping responsibilities.
Fraud prevention: By dividing responsibilities among multiple individuals, no single person has enough access or authority to commit fraud without collusion.
No single entity with full control: Separation of duties ensures that critical actions (e.g., authorizing, executing, and reviewing transactions) are distributed among multiple roles.

Why the other options are incorrect:

Dual responsibility:

Incorrect: Dual responsibility requires two people to perform a task together, which is related but does not directly implement role-based permissions or address separation of critical responsibilities.

Need to know:

Incorrect: Need to know restricts access to information based on what is necessary for a role or task but does not explicitly prevent full access control or address the division of responsibilities.

Least privilege:

Incorrect: Least privilege ensures that users only have the minimum permissions needed to perform their tasks. While important for security, it does not explicitly address dividing responsibilities or preventing fraud from a single individual.

View Full Course Content Try our Free Questions

No Payment Cards Needed

CompTIA SecurityX CAS-005 exam

Normally $60

$45/month

Subjects Included

CompTIA SecurityX CAS-005

Additional Features

Over 300 Practice Questions with Answers
Quizzes in every Lesson Provided
Detailed Analysis of Questions with Answers and Explanations
Detailed Notes with Chapters, Topics & Lessons
24/7 Live chat support
24/7 WhatsApp support
One Full Month Access

Get Started

View Other Pricing Plans

CompTIA Prep

CompTIA Cloud+ CV0-004

Start Course Prep

CompTIA Prep

CompTIA Server+ SK0-005

Start Course Prep

Easy way to pass your test within a week with prepsaret

You don’t need one month to study and pass your test.
With Prepsaret, it takes you a few days to grasp all the concepts needed to pass your exams

View Courses Offered