30 Apr Practice Test Question – Payment Request Approval
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Roland’s company requires that supervisors approve payment requests entered by accounting clerks when the total amount of the payment is over $10,000. What type of control is this?
A. Least privilege
B. Separation of duties
C. Job rotation
D. Two-person control
Correct Answer: D
Two-person control requires the concurrence of two individuals for sensitive actions. That is the scenario described here. Separation of duties says that an individual should not have both permissions necessary to perform a sensitive action. This is a closely related, but distinct principle. There is no evidence given that supervisors do not have the ability to create payments, so separation of duties is not in play here.