A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit
shows that there have been four cases in the previous year where tellers opened accounts without
management approval. The bank president thought separation of duties would prevent this from happening. In
order to implement a true separation of duties approach the bank could:
A.
Require the use of two different passwords held by two different individuals to open an account
B.
Administer account creation on a role based access control approach
C.
Require all new accounts to be handled by someone else other than a teller since they have different duties
D.
Administer account creation on a rule based access control approach
Is there anybody who knows correct answer?
I think it could be also A. The main idea of separation of duties is to not provide one person full control. If we choose A this approach will is observed.
The correct answer is A.
I disagree. The statement requires that a manager must give approval, not tellers. If you select ‘A’, whose to say that they aren’t both Tellers. The key phrase here is ‘someone else other than the Teller’ as the scenario states.
I would say it is D. The teller can create the account ONLY IF the manager gives approval. This is rule-based.
ATTENTION PLEASE!!!
The SY0-401 Exam Will Retire On July 31, 2018, and then the New Exam is SY0-501!
New SY0-501 Exam Questions and Answers (7/Nov/2017 Updated):
NEW QUESTION 130
A user has attempted to access data at a higher classification level than the user’s account is currency authorized to access. Which of the following access control models has been applied to this user’s account?
A. MAC
B. DAC
C. RBAC
D. ABAC
Answer: D
NEW QUESTION 131
A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Instead, the company decides to purchase insurance to cover the cost of any potential loss. Which of the following is the company doing?
A. Transferring the risk
B. Accepting the risk
C. Avoiding the risk
D. Mitigating the risk
Answer: A
NEW QUESTION 132
An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?
A. RTO
B. RPO
C. MTBF
D. MTTR
Answer: B
NEW QUESTION 133
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, impact of similar incidents. Which of the following would assist Company.com with its goal?
A. Certificate pinning
B. Certificate stapling
C. Certificate chaining
D. Certificate with extended validation
Answer: D
NEW QUESTION 134
Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?
A. ACLs
B. HIPS
C. NAT
D. MAC filtering
Answer: D
NEW QUESTION 135
A company wants to host a publicly available server that performs the following functions:
– Evaluates MX record lookup
– Can perform authenticated requests for A and AAA records
– Uses RRSIG
Which of the following should the company use to fulfill the above requirements?
A. DNSSEC
B. SFTP
C. nslookup
D. dig
Answer: C
NEW QUESTION 136
Which of the following attack types BEST describes a client-side attack that is used to mandate an HTML iframe with JavaScript code via web browser?
A. MITM
B. xss
C. SQLi
Answer: B
NEW QUESTION 137
A company has a data classification system with definitions for “Private” and “public”. The company’s security policy outlines how data should be protected based on type. The company recently added the data type “Proprietary”. Which of the following is the MOST likely reason the company added this data type?
A. Reduced cost
B. More searchable data
C. Better data classification
D. Expanded authority of the privacy officer
Answer: B
NEW QUESTION 138
A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery?
A. Utilizing a single Qfor password recovery
B. Sending a PIN to a smartphone through text message
C. Utilizing CAPTCHA to avoid brute force attacks
D. Use a different e-mail address to recover password
Answer: B
NEW QUESTION 139
A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following?
A. Change management procedures
B. Job rotation policies
C. Incident response management
D. Least privilege access controls
Answer: A
NEW QUESTION 140
A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it. Which of the following should be done to prevent this scenario from occurring again in the future?
A. Install host-based firewalls on all computers that have an email client installed
B. Set the email program default to open messages in plain text
C. Install end-point protection on all computers that access web email
D. Create new email spam filters to delete all messages from that sender
Answer: C
NEW QUESTION 141
……
You Can Get The Newest SY0-501 Dumps In PDF And VCE From — https://www.passleader.com/sy0-501.html (166q VCE and PDF)
Good Luck!
By the way, SOME new 166Q SY0-501 dumps are available here:
https://drive.google.com/open?id=1Ei1CtZKTLawI_2jpkecHaVbM_kXPMZAu
Best Regards!
I think it is B – Role-based access control and separation of duties association
I thought the answer was B, too. At least it can’t be D.
Anyone see C as an answer? I think it is C since teller has a main role of taking care of customer bank transaction, taking the creating of new account duities completely out of them. Well most banks are following this procedure anyway in real world.