Page 1178 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Review Questions
1. An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following?
A. Principle of least permission
B. Separation of duties
C. Need-to-know
D. Role Based Access Control
2. An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization?
A. Read
B. Modify
C. Full access
D. No access
3. Which of the following statements best describes why separation of duties is important for security purposes?
A. It ensures that multiple people can do the same job.
B. It prevents an organization from losing important information when they lose important people.
C. It prevents any single IT security person from making major security changes without involving other individuals.
D. It helps employees concentrate their talents where they will be most useful.
4. What is a primary benefit of job rotation and separation of duties policies?
A. Preventing collusion