Appendix B

Answers to Review Questions

Chapter 2

  1. C The definition of the principle of least privilege is granting users only the minimum privileges needed to accomplish assigned work tasks.
  2. B Separation of duties is the process of assigning groups of tasks to different users to prevent collusion and to avoid conflicts of interest. The principle of least privilege is assigning users the minimal amount of access required to accomplish their work tasks. Mandatory access control is a means to control access by using classifications of subjects and objects. Integrity assurance is the process that ensures the controls put in place to maintain data integrity are operating properly.
  3. B Job rotation isn't appropriate because one person is still ...
