CompTIA Security+ (SY0-501) — Question 620

An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes. Which of the following is this an example of?

Answer options

• A. Change management
• B. Job rotation
• C. Separation of duties
• D. Least privilege

Correct answer: C

Explanation

The correct answer is C, Separation of duties, as it ensures that no single individual has control over all aspects of a critical process, reducing the risk of fraud or error. Options A and B do not specifically address the need for distinct roles in implementing and approving changes, while D, Least privilege, pertains to limiting user access rights rather than role separation.