An enterprise wants to reduce single points of compromise in its credential management pipeline by adopting a trust arrangement with separate oversight for identity checks and cryptographic distribution. Which solution best achieves that goal?
Assign distinct teams, one for verifying authenticity and another for providing keys
Rely on an automated system that completes identity checks and credentials at once
Allow departments to handle their own distribution with minimal oversight
Use a single procedure that checks identity and issues credentials in the same step
Dividing roles ensures that the group verifying authenticity does not also grant credentials, preventing a single breach from breaking the entire trust model. Combining identity checks and distribution in one place consolidates power and raises risk. Granting departments their own distribution oversight lacks rigorous reviews. Turning all duties over to an automated approach does not involve meaningful separation of responsibilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of separation of duties in security?
Open an interactive chat with Bash
How does cryptographic key distribution work in this process?
Open an interactive chat with Bash
What are the risks of combining identity checks and key distribution?