CompTIA Server+ SK0-005 Practice Question

The correct answer is segregation of duties (SoD). This is a security principle that aims to prevent fraud, errors, and abuse by dividing critical tasks among multiple individuals. In the scenario, one administrator controls account creation, permissions, and auditing, creating a single point of compromise. Implementing SoD would require splitting these responsibilities among different people, such as having one person manage accounts, another approve permissions, and a third, independent person conduct audits.

• Role-based access control (RBAC) is a method of managing access based on a user's job function. While RBAC would be used to implement the new permission structure, it is not the overarching principle itself. A single user could still be assigned multiple conflicting roles, violating the principle of SoD.
• Mandatory Access Control (MAC) is a strict, system-enforced access control model based on security labels (e.g., clearance levels). It does not directly address the procedural risk of a single individual holding multiple conflicting responsibilities.
• Delegation is the act of assigning authority for specific tasks to others. While it is a necessary action to implement SoD, it is the mechanism of assignment, not the security principle that guides how those assignments should be structured to prevent conflicts of interest.