EC-Council

312-50V11 · Question #587

312-50V11 Question #587: Real Exam Question with Answer & Explanation

The correct answer is A: limited to those functions required to do the job. Least privilege restricts user access to only the permissions and functions necessary to perform their assigned job duties.

Information Security and Ethical Hacking Fundamentals

Question

Least privilege is a security concept that requires that a user is

Options

  • A. limited to those functions required to do the job.
  • B. given root or administrative privileges.
  • C. trusted to keep all data and access to that data under their sole control.
  • D. given privileges equal to everyone else in the department.

Explanation

Least privilege restricts user access to only the permissions and functions necessary to perform their assigned job duties.

Common mistakes.

  • B. Granting root or administrative privileges is the opposite of least privilege, as it provides far more access than most roles require.
  • C. Sole control over data by a single user does not reflect least privilege - it describes a lack of oversight and could enable insider threats.
  • D. Equalizing privileges across a department ignores individual role requirements and may grant users more access than their specific job functions demand.

Concept tested. Principle of least privilege access control

Reference. https://csrc.nist.gov/glossary/term/least_privilege

Topics

#least privilege #access control #security principles #authorization
