A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following?
Correct Answer: B
Separation of duties is a security principle that requires that no single person or entity should be able to perform two or more conflicting or sensitive functions that could result in fraud, misuse, or compromise of the system or data. Separation of duties analysis is the process of identifying and resolving such conflicts of interest or incompatible functions. A manager who discovers that a single user account has been assigned two conflicting sensitive user functions, such as approving and recording transactions, has most likely performed a separation of duties analysis. Security control assessment, network access control review, and federated identity management evaluation are not directly related to the identification of conflicting user functions.
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, Security Governance Through Principles and Policies, page 24. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 1, Security and Risk Management, page 42.