An organization wants to ensure that they grant users only the permissions they require to perform their job responsibilities. Which security principle describes this approach?
C. Least privilege
The principle of least privilege ensures that users, systems, and processes are granted only the minimum permissions necessary to perform their job responsibilities or tasks.
This approach reduces the risk of accidental or malicious misuse of permissions and helps maintain security.
Why not the other options?
A. Cyber resilience:
This refers to an organization's ability to prepare for, respond to, and recover from cyberattacks. It is broader and does not specifically address user permissions.
B. Zero-trust:
Zero-trust is a security model that assumes no user or device is trusted by default, even if inside the network. While it may include least privilege, it is a broader security philosophy.
D. Security by default:
This means designing systems to be secure out of the box (e.g., secure default configurations). It does not specifically address permissions.
Conclusion:
The principle of least privilege is the security concept that describes granting users only the permissions required to perform their job responsibilities.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
joshnort
2 weeks, 2 days agojoshnort
2 weeks, 2 days ago