Examice

Exam CISSP All QuestionsBrowse all questions from this exam

Question 406

An organization is attempting to strengthen the configuration of its enterprise resource planning (ERP) software in order to enforce sufficient segregation of duties (SoD). Which of the following approaches would BEST improve SoD effectiveness?

Implementation of frequent audits of access and activity in the ERP by a separate team with no operational duties

Implementation of strengthened authentication measures including mandatory second-factor authentication

Review of ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities

Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities

Correct Answer: D

To improve the effectiveness of segregation of duties (SoD) within an ERP system, the best approach is to review employee responsibilities and ERP access profiles proactively. By differentiating mission-critical activities from system support activities, it becomes possible to ensure that no single individual has control over all critical aspects of a business process, thereby reducing the risk of fraud or error. This method focuses on the proper allocation of duties, directly addressing potential SoD violations and aligning with current job functions.

Discussion

RollingalxOption: D

D is correct. Reviewing ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities is a good practice to ensure that employees have access only to the data and functionality they need to perform their job duties. However, it does not directly address SoD and may not be effective in preventing SoD violations.

jackdryan

D is correct

BodatiousbobOption: D

I agree with D, I was going with C but the word "existing" tells me previous or past tense, meaning that responsibilities could have changed and least privilege rule may cause issues. D shows an active real time analysis of current responsibilities matching job duties

HongjunOption: C

the queationwas asking which one wuld best improve SoD. keyword-Improve. how to improve? first, Review ERP profiles basd on empoee responsibilities, also enforce extra menasure : least privilege. this is called improve. A&D - No improve, B- has MFA as extra measure but MFA was for authenticaiton. nothing to dowith SoD.

Dtony66Option: D

D is correct. C is incorrect because it is really not doing anything to change anything from the current environment, thus by default, it cannot improve it.

SoleandheelOption: D

D. Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities........seems to make more sense than C.

HughJassoleOption: C

D is probably correct BUT D states specifics. I was advised in the CISSP course to go for general overall answers. C seems better since it's not as specific and mentions the right terms. Also, D lists mission and system support, but there are more duties that need to be separated. D also talks about reviewing duties and access in the ERP system, but the question only talks about ERP. It just seems like D is there to throw you off.

[Removed]Option: D

Although CISSP does like audits very much, an audit that covers access and activity (and not job functions) is probably not enough. Also independant team is somewhat vague. We need auditors for an audit, internal or external.