Exam CISSP topic 1 question 9 discussion

Actual exam question from ISC's CISSP
Question #: 9
Topic #: 1

Which of the following statements BEST describes least privilege principle in a cloud environment?

  • A. A single cloud administrator is configured to access core functions.
  • B. Internet traffic is inspected for all incoming and outgoing packets.
  • C. Routing configurations are regularly updated with the latest routes.
  • D. Network segments remain private if unneeded to access the internet.
Suggested Answer: D

Comments

YesPlease
Highly Voted 1 year ago
Selected Answer: D
Answer D: Why, glad you asked.... Least privilege extends beyond human access. The model can be applied to applications, systems or connected devices that require privileges or permissions to perform a required task. So internet access is being limited until it is needed to perform a specific task. A) is incorrect because they are giving 1 admin all the core roles when they may not need all of them to do their job. Of course the argument can be made that they are the only admin and will need all core admin rights, but that is not the same as limiting access for a particular system or person to only have the rights they need to do their job.
upvoted 11 times
...
somsom
Most Recent 2 months, 1 week ago
A single cloud admin cannot be configured to access core functions. The risk is high. What if he is not available? What will happen to the business? Answer is D.
upvoted 1 times
...
M_MUN17
2 months, 2 weeks ago
The correct answer is A. A single cloud administrator is configured to access core functions. The principle of least privilege refers to granting users, systems, or processes the minimum level of access or permissions necessary to perform their tasks. In a cloud environment, this means restricting administrative access to only those who need it. For example, having a single cloud administrator with access to core functions aligns with this principle, as it limits the potential for unauthorized or unnecessary access. The other options describe general security practices but do not specifically relate to the principle of least privilege: B. Internet traffic is inspected for all incoming and outgoing packets refers to traffic monitoring. C. Routing configurations are regularly updated with the latest routes refers to network routing management. D. Network segments remain private if unneeded to access the internet relates to network segmentation, not least privilege.
upvoted 1 times
...
celomomo
2 months, 3 weeks ago
Selected Answer: D
I wonder why anyone would even think A is correct. That is a single point of failure and in no way related to PoLP. Least privilege is restricting access to what you or an application need to do its job. A single admin having access to a core service is in no way least privilege. D is the suitable answer.
upvoted 1 times
...
evilCorpBot7494
3 months ago
Selected Answer: D
Correct answer is D. A doesn't describe least privilege; if you needed to have two cloud administrators access core functions, you would have to give them to the second one, and that doesn't relate to least privilege at all. That may be more related to segregation of functions if you decide you only need one cloud administrator for that, or if you see that having 2 admins and dividing their core functions access would be most secure. D, on the other hand, is related to least privilege through segregation of the network, ensuring users in an environment don't access other environments they don't need for their work functions.
upvoted 1 times
...
deeden
4 months, 3 weeks ago
Selected Answer: D
D sounds more correct. Network is restricted when Internet is not required. Option A sounds more like a demonstration of elevated privilege, which is right for an administrator.
upvoted 1 times
...
iamlamzzy
6 months ago
Privilege has to do with access. So, the correct answer is A. Access could've been granted to all the administrators but the key word here is "single".
upvoted 2 times
...
icebw22
7 months, 1 week ago
Answer D, least privilege principle: provide user/resource enough privilege to perform role/duty.
upvoted 1 times
...
homeysl
9 months, 2 weeks ago
Selected Answer: D
Preventing unnecessary access is D. A is a violation of PoLP and is a SPF.
upvoted 1 times
...
Kyanka
9 months, 4 weeks ago
Selected Answer: A
Answer: A - I think what they're trying to refer to is how you create one admin account in cloud environments to do the "core" management and then everything else is delegated to other roles. CISSP tries to be vendor agnostic but it looks like they're describing the MS Azure practice of creating one global admin (or as few as possible) to do certain functions.
upvoted 3 times
...
SKainth
10 months, 2 weeks ago
Selected Answer: A
Least Privilege is basically based on User roles and privileges. BCD are Security Practices.
upvoted 2 times
...
Hackermayne
11 months, 3 weeks ago
Selected Answer: D
I say D. A is close, but I don't know if a single admin account that controls the core is the right way to go. You'd likely need one as a (not truly) global, another as a "break glass account" that no one uses and has a FIDO key in a safe or something somewhere, and the rest of the admins would be granted permissions under those.
upvoted 1 times
...
ochijindu0201_
1 year ago
The correct answer is D. "Network segments remain private if unneeded to access the internet." The least privilege principle in a cloud environment advocates for providing users and systems with the minimum level of access or permissions necessary to perform their tasks or functions. By restricting access to only what is essential, the risk of unauthorized access or potential security breaches is minimized. Option D reflects the least privilege principle by emphasizing that network segments should remain private unless there is a specific need for them to access the internet. This approach helps limit exposure and potential attack vectors, aligning with the concept of least privilege.
upvoted 4 times
...
Soleandheel
1 year ago
The correct answer is A. The reason option D is not the BEST answer in the context of least privilege is that it specifically refers to network segments and their connectivity to the internet. While it is a valid security practice, the least privilege principle is more commonly associated with user and system access permissions rather than network segmentation.
upvoted 3 times
...
BLADESWIFTKNIFE
1 year, 2 months ago
Selected Answer: A
A is correct because the user is doing core functions and D is wrong because you need to ask for higher privileges to access other networks.
upvoted 3 times
...
InclusiveSTEAM
1 year, 2 months ago
Option D is the best answer because it best describes the principle of least privilege in a cloud environment. The least privilege principle states that users should only be given the minimum permissions necessary to perform their duties. Option D reflects this by suggesting network segments remain private and isolated if they don't need internet access. This restricts exposure and limits access to only what is required. Option A is incorrect because having a single admin with full core access violates least privilege. Option B is unrelated to least privilege and describes firewall inspection. Option C refers to network routing, not permissions.
upvoted 4 times
...
MShaaban
1 year, 4 months ago
This is a tricky question. Considering granting access to the internet is a privilege. And considering a network zone in the cloud can host users, applications and services, we can tell that all of those entities are having the least privilege to remain in the private zone unless required. So, D is possible. However, if we stick that the Principle of Least Privilege only applies for users, then it is A. But I am lenient to D.
upvoted 3 times
...