A financial services company wants to enforce segregation of duties (SoD) between its application developers and its quality assurance (QA) team. Both teams need to work on the same development server. Which of the following is the MOST effective and efficient method for a security administrator to implement SoD in this scenario?
Require developers to check in their code, which a manager then manually deploys for the QA team.
Grant both teams administrative privileges but enable a detailed audit log to track all actions.
Implement role-based access control (RBAC) to assign distinct permissions to the developer and QA roles on the server.
Procure a second, identical server for the QA team to perform their testing.
The most effective and efficient way to enforce segregation of duties on a shared system is to use logical access controls. Implementing role-based access control (RBAC) lets the administrator define distinct roles for developers and QA testers, each with permissions limited to that job function. This prevents developers from approving their own code or accessing QA tools, and vice versa, on the same machine, without the cost and inefficiency of physical separation. Relying solely on an audit trail without preventive controls violates the principle of SoD, because auditing detects misuse after the fact rather than preventing it. Procuring a separate server is not efficient, and while a manual approval process through a manager is a form of SoD, it is not the most efficient technical control to implement on the server itself.