

Exam CISSP topic 1 question 463 discussion

Actual exam question from ISC's CISSP
Question #: 463
Topic #: 1
[All CISSP Questions]

An organization wants to ensure that employees that move to a different department within the organization do not retain access privileges from their former department. To this end, the organization has implemented role-based access control (RBAC). Which additional measure is MOST important to successfully limit excess access privileges?

  • A. Business role review
  • B. Line manager review of assigned roles
  • C. Segregation of duties (SoD) review
  • D. Access control matrix
Suggested Answer: B 🗳️

Comments

Rollingalx
Highly Voted 1 year, 8 months ago
I go with A. Business role review is the most important additional measure to successfully limit excess access privileges when implementing RBAC.
upvoted 10 times
1460168
3 months, 2 weeks ago
That means to review the configuration of the roles in general, not in particular whether they are correctly assigned on an employee account or not.
upvoted 1 times
...
jackdryan
1 year, 6 months ago
B is correct
upvoted 1 times
...
...
aaminenaji
Most Recent 1 month ago
Selected Answer: B
Line manager review complements RBAC by ensuring that access is continuously aligned with job function.
upvoted 1 times
...
deeden
3 months, 1 week ago
Selected Answer: B
The line manager is typically responsible for overseeing the activities and responsibilities of employees in their department. A regular review of assigned roles by line managers ensures that employees have the appropriate access privileges for their current job functions and that any access rights associated with their former role are revoked. This ongoing review helps prevent employees from retaining unnecessary or excessive privileges after moving to a new department. While reviewing business roles is important for ensuring that roles align with organizational needs, it does not specifically address the need to remove excess privileges when an employee changes departments.
upvoted 2 times
...
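The review deeden describes above, as an added example that is not part of this thread: a role catalogue records which department owns each role, users carry their current department from the HR record, and any assigned role owned by another department (or not in the catalogue at all) is queued for the user's line manager to recertify. All names, roles and departments are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed role catalogue: role name -> owning department ("All" = enterprise-wide)
ROLE_OWNER = {
    "finance-ap-clerk": "Finance",
    "finance-reporting": "Finance",
    "hr-records": "HR",
    "it-helpdesk": "IT",
    "staff-portal": "All",
}

@dataclass
class User:
    name: str
    department: str        # current department per HR record
    line_manager: str      # reviewer for this user's assignments
    roles: set[str] = field(default_factory=set)

# Constructed sample: alice transferred Finance -> HR but kept a Finance role;
# carol holds a role that is no longer in the catalogue.
USERS = [
    User("alice", "HR", "mgr-hr", {"finance-ap-clerk", "hr-records", "staff-portal"}),
    User("bob", "IT", "mgr-it", {"it-helpdesk", "staff-portal"}),
    User("carol", "IT", "mgr-it", {"it-helpdesk", "legacy-admin"}),
]

def stale_roles(user: User, role_owner: dict[str, str]) -> set[str]:
    """Roles whose owner is neither the user's current department nor enterprise-wide.
    A role missing from the catalogue is treated as stale so it cannot hide from review."""
    return {
        r for r in user.roles
        if role_owner.get(r, "UNKNOWN") not in (user.department, "All")
    }

def build_recert_queue(users: list[User], role_owner: dict[str, str]) -> dict[str, list]:
    """Group flagged (user, roles) pairs by line manager for the periodic access review."""
    queue: dict[str, list] = {}
    for u in users:
        stale = stale_roles(u, role_owner)
        if stale:
            queue.setdefault(u.line_manager, []).append((u.name, sorted(stale)))
    return queue

if __name__ == "__main__":
    for manager, items in build_recert_queue(USERS, ROLE_OWNER).items():
        for name, roles in items:
            print(f"{manager}: recertify {name} -> {roles}")
```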
1460168
3 months, 2 weeks ago
Selected Answer: B
I go with B. Somebody has to review the ASSIGNED roles. What roles does the new employee have? Not A: that means to review the configuration of the roles in general, not in particular whether they are correctly assigned on an employee account or not.
upvoted 2 times
...
8e1c45b
4 months, 1 week ago
Answer is C.
upvoted 1 times
...
marziparzi
7 months, 2 weeks ago
Selected Answer: A
SoD is focused on splitting roles into smaller chunks for separate people. Its focus is on preventing abuse by one person or being overly dependent on one person. Its primary focus is not to evaluate if a person's role matches their duties. Therefore, I believe it is A. Business role review.
upvoted 1 times
...
GeenHersens
9 months ago
Selected Answer: B
I do not think that C (SoD review) is related to the original objective (not retain access privileges when moving departments) but it could be an additional measurement. A & B are a bit the same, but I prefer B (also approved by ChatGPT & Copilot). I really do not like this question.
upvoted 1 times
...
GuardianAngel
9 months, 2 weeks ago
Answer C: Segregation of duties (SoD) review. This isn't asking about RBAC. It's asking "Which ADDITIONAL MEASURE...." so after RBAC is implemented, the next step is Separation of Duties. Separation of Duties (SOD) is a fundamental security principle used to prevent fraud and detect errors [5]. Role Based Access Control (RBAC) provides organisations with a platform to implement this security principle. https://www.diva-portal.org/smash/get/diva2:832009/FULLTEXT01.pdf The wording on these questions tries to trick you. A business role review is part of the RBAC that they have "ALREADY implemented" per the question verbiage, so the business role review has already been completed.
upvoted 2 times
...
JBAnalyst
9 months, 3 weeks ago
Take a look at question 454 to gain a better understanding of the use case of SOD and its review: it does not directly address the issue here.
upvoted 1 times
...
JBAnalyst
9 months, 3 weeks ago
Selected Answer: A
Segregation or separation of duty aims to distribute tasks to multiple individuals to prevent conflict of interest, fraud, errors, and misuse. It does not directly address privilege creep. RBAC and reviews of privileges address this issue.
upvoted 1 times
...
629f731
10 months, 1 week ago
Selected Answer: C
"Business role review," is also an important measure in the context of role-based access control (RBAC). However, the question specifically highlights the concern that employees who move to different departments do not retain access privileges from their previous departments. Business role review involves regularly evaluating and reviewing the roles assigned to users to ensure they remain appropriate and necessary. While relevant, Segregation of Duties (SoD) focuses more specifically on preventing an individual from having inappropriate combinations of roles that could lead to excess privileges. SoD helps prevent conflicts of interest and reduces risk by ensuring that certain critical functions are separated.
upvoted 1 times
...
YesPlease
11 months ago
Selected Answer: A
Answer A) Business Role Review. Role Based Access Control is literally giving someone access according to the role they are in. You need to review these business roles and analyze whether the access they have is still the right access to have, or should be adjusted if the business has changed. https://soterion.com/periodic-review-manager/#:~:text=Business%20Role%20Review
upvoted 1 times
...
Soleandheel
11 months, 1 week ago
C. Segregation of Duties (SoD) review While business role reviews are important for aligning access privileges with an individual's current job responsibilities, segregation of duties (SoD) review is the most important additional measure to successfully limit excess access privileges in conjunction with role-based access control (RBAC). SoD review focuses on ensuring that no single individual is responsible for an entire transaction, thereby preventing the abuse of control and reducing the risk of fraudulent or unethical activities. It is an important element of many common audit, legal, and privacy regulation standards, such as HIPAA, SOX, GDPR, PCI, and SHIELD.
upvoted 1 times
...
InclusiveSTEAM
1 year, 1 month ago
C) Performing a Segregation of Duties (SoD) review is the most important additional measure to limit excess access privileges when implementing Role-Based Access Control (RBAC). An SoD review analyzes user roles and access to ensure the same user does not have permissions that create a conflict of interest or control fraud opportunity. This catches privilege creep due to outdated role assignments. The other options are less effective: A) Business role reviews validate appropriate role design but won't catch outdated role assignments. B) Line manager role reviews are good but managers may lack context to identify SoD conflicts. D) An access control matrix details permissions but does not flag SoD violations.
upvoted 1 times
...
HughJassole
1 year, 5 months ago
B. At my job, line managers do periodic access reviews and remove extra access.
upvoted 1 times
...
Delab202
1 year, 7 months ago
Selected Answer: C
A review is key. SOD review is the only correct answer. Others don’t do anything.
upvoted 1 times
...
Marzie
1 year, 7 months ago
Selected Answer: B
IGA would typically involve access recertification, which goes to the line manager.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other