Your organization has a tight budget and cannot afford to hire more employees, so you have to cover both software development and operations yourself. Which of the following security principles best mitigates this dilemma? (Wentz QOTD)
A. M of N control
B. Separation of duties
C. Zero-knowledge proof
D. Separation of privilege

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Separation of privilege.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial on information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

Separation of duties and separation of privilege look similar but differ in subtle ways. Separation of duties is applied when designing jobs: a task is split between people so that no single person can commit corruption alone, which a one-person dev-and-ops team cannot satisfy. Separation of privilege, by contrast, is applied within a system: for example, system administrators nowadays typically log into the system with a normal user account, and privileged accounts are used only for the tasks that require them.
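The distinction above, as an added example that is not part of the original post: a small Python model of the question's scenario, in which one person cannot satisfy separation of duties (author and approver must be different people) but can still apply separation of privilege (work from a normal account, elevate only for the task that needs it, drop back, and log every transition). The person names, the "sysadmin" role and the task list are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Person:
    name: str
    admin_role: Optional[str] = None  # None: no privileged account at all

@dataclass
class Session:
    """An interactive session: starts as a normal user; elevation is explicit and audited."""
    person: Person
    elevated: bool = False
    audit: List[str] = field(default_factory=list)

def separation_of_duties_ok(author: Person, approver: Person) -> bool:
    """Separation of duties: the author of a change may not also approve it.
    A one-person team can never satisfy this check."""
    return author.name != approver.name

def run_task(session: Session, task: str, needs_privilege: bool) -> bool:
    """Separation of privilege: stay on the normal account unless the task needs
    elevation; then elevate, do the task, drop again, and log each transition."""
    who = session.person.name
    if not needs_privilege:
        session.audit.append(f"{who}: {task} (normal account)")
        return True
    if session.person.admin_role is None:
        session.audit.append(f"{who}: {task} DENIED (no privileged account)")
        return False
    session.elevated = True
    session.audit.append(f"{who}: elevate to {session.person.admin_role} for {task}")
    try:
        session.audit.append(f"{who}: {task} (privileged)")
        return True
    finally:  # privilege is dropped even if the task raises
        session.elevated = False
        session.audit.append(f"{who}: drop privilege")

def one_person_devops(person: Person) -> Tuple[bool, List[str]]:
    """The question's scenario: one person does both development and operations.
    Returns (separation of duties satisfiable?, audit trail of the day's work)."""
    sod_possible = separation_of_duties_ok(person, person)  # same person on both sides
    session = Session(person)
    day = [("edit source", False), ("run unit tests", False),
           ("restart production service", True), ("read application logs", False)]
    for task, priv in day:  # only one of four steps actually needs privilege
        run_task(session, task, priv)
    return sod_possible, session.audit
```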
