CompTIA Security+ (SY0-501) — Question 107
During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall.
Which of the following will the audit team most likely recommend during the audit out-brief?
Answer options
- A. Discretionary access control for the firewall team
- B. Separation of duties policy for the firewall team
- C. Least privilege for the firewall team
- D. Mandatory access control for the firewall team
Correct answer: B
Explanation
The correct answer is B: a separation of duties policy would prevent any single individual from having complete control over the firewall rules, reducing the risk of unauthorized changes. The other options, while relevant to access control, do not specifically address the issue of limiting a single person's control over critical firewall functions.