SCRIPT SOLVED QUESTIONS 2026
GRADED A+.
◍ Need-to-know focuses on permissions and the ability to access
information, whereas least privilege focuses on privileges. Answer:
◍ The principle of least privilege relies on the assumption that all
users have a well-defined job description that personnel understand.
Without a specific job description, it is not possible to know what
privileges users need. Answer:
◍ Separation of duties and responsibilities ensures that no single
person has total control over a critical function or system. This is
necessary to ensure that no single person can compromise the system
or its security. Instead, two or more people must conspire or collude
against the organization, which increases the risk for these people. A
separation of duties policy creates a checks-and-balances system
where two or more users verify each other's actions and must work in
concert to accomplish necessary work tasks. Answer:
◍ Segregation of Duties
Segregation of duties is similar to a separation of duties and
responsibilities policy, but it also combines the principle of least
privilege. The goal is to ensure that individuals do not have excessive
system access that may result in a conflict of interest. When duties are
properly segregated, no single employee will have the ability to
commit fraud or make a mistake and have the ability to cover it up.
It's similar to separation of duties in that duties are separated, and it's
also similar to a principle of least privilege in that privileges are
limited. Answer:
◍ Two-Person Control
Two-person control (often called the two-man rule) requires the
approval of two individuals for critical tasks. For example, safe
deposit boxes in banks often require two keys. A bank employee
controls one key and the customer holds the second key. Both keys
are required to open the box, and bank employees allow a customer
access to the box only after verifying the customer's identification.
Using two-person controls within an organization ensures peer review
and reduces the likelihood of collusion and fraud. Answer:
◍ A segregation of duties policy is highly relevant for any company
that must abide by the Sarbanes-Oxley Act (SOX) of 2002 because
SOX specifically requires it. However, it is also possible to apply
segregation of duties policies in any IT environment. Answer:
◍ Split knowledge combines the concepts of separation of duties and
two-person control into a single solution. The basic idea is that the
information or privilege required to perform an operation be divided
among two or more users. This ensures that no single person has
sufficient privileges to compromise the security of the
environment. Answer: