Exam CISSP All Questions

Exam CISSP topic 1 question 406 discussion

Actual exam question from ISC's CISSP
Question #: 406
Topic #: 1

An organization is attempting to strengthen the configuration of its enterprise resource planning (ERP) software in order to enforce sufficient segregation of duties (SoD). Which of the following approaches would BEST improve SoD effectiveness?

  • A. Implementation of frequent audits of access and activity in the ERP by a separate team with no operational duties
  • B. Implementation of strengthened authentication measures including mandatory second-factor authentication
  • C. Review of ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities
  • D. Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities
Suggested Answer: D

Comments

Rollingalx
Highly Voted 2 years, 1 month ago
D is correct. Reviewing ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities is a good practice to ensure that employees have access only to the data and functionality they need to perform their job duties. However, it does not directly address SoD and may not be effective in preventing SoD violations.
upvoted 11 times
jackdryan
1 year, 11 months ago
D is correct
upvoted 1 times
BigITGuy
Most Recent 2 weeks ago
Selected Answer: D
NOT C. The least-privilege principle relates to limiting access but is not specific to SoD, which focuses on separating roles and responsibilities, not just limiting access.
upvoted 1 times
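As an added illustration (not from this page or any of its commenters) of the distinction drawn above, here is a toy segregation-of-duties check over constructed ERP role definitions and a constructed conflict matrix: each role on its own is least-privilege, yet combining roles on one user can still grant a conflicting pair of duties, which is the gap a least-privilege review alone does not close. Role names, permissions and users are all invented sample data.

```python
# Added example, not from the exam page: a toy SoD conflict check for ERP
# access profiles. All roles, permissions and users are constructed samples.
from itertools import combinations  # noqa: F401  (kept for readers extending to n-way checks)

# Constructed ERP roles: each grants a small set of transaction-level permissions.
ROLES = {
    "AP_CLERK": {"create_vendor", "enter_invoice"},
    "AP_APPROVER": {"approve_payment"},
    "BASIS_ADMIN": {"change_role_definitions", "reset_user_password"},
    "REPORT_VIEWER": {"view_ledger"},
}

# Constructed SoD conflict matrix: pairs of duties one person must not hold.
# The last pair models the mission vs. system-support split that answer D targets.
CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"enter_invoice", "approve_payment"}),
    frozenset({"approve_payment", "change_role_definitions"}),
}


def effective_permissions(assigned_roles):
    """Union of permissions across every role assigned to one user."""
    return set().union(*(ROLES[r] for r in assigned_roles))


def sod_violations(assigned_roles):
    """Return the conflicting permission pairs a user's combined roles grant.

    Each role may be minimal for its task (least privilege), but the union of
    roles is what SoD must be evaluated against.
    """
    perms = effective_permissions(assigned_roles)
    return sorted(tuple(sorted(pair)) for pair in CONFLICTS if pair <= perms)


def review_access(user_roles):
    """Map each user to their SoD violations; an empty list means clean."""
    return {user: sod_violations(roles) for user, roles in user_roles.items()}


if __name__ == "__main__":
    sample_users = {  # constructed user-to-role assignments
        "alice": ["AP_CLERK"],                  # clean
        "bob": ["AP_CLERK", "AP_APPROVER"],     # creates vendors and approves payments
        "carol": ["AP_APPROVER", "BASIS_ADMIN"],  # approves payments and edits roles
    }
    for user, problems in review_access(sample_users).items():
        print(user, "OK" if not problems else problems)
```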
Dtony66
10 months, 1 week ago
Selected Answer: D
D is correct. C is incorrect because it is really not doing anything to change anything from the current environment, thus by default, it cannot improve it.
upvoted 2 times
Hongjun
1 year ago
Selected Answer: C
The question was asking which one would best improve SoD. Keyword: improve. How to improve? First, review ERP profiles based on employee responsibilities, and also enforce an extra measure: least privilege. This is called improvement. A & D - no improvement; B - has MFA as an extra measure, but MFA is for authentication, nothing to do with SoD.
upvoted 3 times
Soleandheel
1 year, 4 months ago
D. Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities... seems to make more sense than C.
upvoted 1 times
HughJassole
1 year, 10 months ago
D is probably correct BUT D states specifics. I was advised in the CISSP course to go for general overall answers. C seems better since it's not as specific and mentions the right terms. Also, D lists mission and system support, but there are more duties that need to be separated. D also talks about reviewing duties and access in the ERP system, but the question only talks about ERP. It just seems like D is there to throw you off.
upvoted 1 times
[Removed]
2 years ago
Selected Answer: D
Although CISSP does like audits very much, an audit that covers access and activity (and not job functions) is probably not enough. Also, "independent team" is somewhat vague. We need auditors for an audit, internal or external.
upvoted 1 times
Bodatiousbob
2 years, 1 month ago
Selected Answer: D
I agree with D. I was going with C, but the word "existing" tells me previous or past tense, meaning that responsibilities could have changed and the least-privilege rule may cause issues. D shows an active, real-time analysis of current responsibilities matching job duties.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)