nerdexam
EC-Council

312-50V11 · Question #587

Least privilege is a security concept that requires that a user is

The correct answer is A. limited to those functions required to do the job.. Least privilege restricts user access to only the permissions and functions necessary to perform their assigned job duties.

Information Security and Ethical Hacking Fundamentals

Question

Least privilege is a security concept that requires that a user is

Options

  • Alimited to those functions required to do the job.
  • Bgiven root or administrative privileges.
  • Ctrusted to keep all data and access to that data under their sole control.
  • Dgiven privileges equal to everyone else in the department.

How the community answered

(32 responses)
  • A
    94% (30)
  • B
    3% (1)
  • C
    3% (1)

Why each option

Least privilege restricts user access to only the permissions and functions necessary to perform their assigned job duties.

Alimited to those functions required to do the job.Correct

The principle of least privilege mandates that each user, process, or system component be granted only the minimum access rights required to accomplish its legitimate tasks. This limits the potential damage from accidents, errors, or unauthorized use by reducing the attack surface. Restricting users to functions required for their role is the foundational definition of this principle.

Bgiven root or administrative privileges.

Granting root or administrative privileges is the opposite of least privilege, as it provides far more access than most roles require.

Ctrusted to keep all data and access to that data under their sole control.

Sole control over data by a single user does not reflect least privilege - it describes a lack of oversight and could enable insider threats.

Dgiven privileges equal to everyone else in the department.

Equalizing privileges across a department ignores individual role requirements and may grant users more access than their specific job functions demand.

Concept tested: Principle of least privilege access control

Source: https://csrc.nist.gov/glossary/term/least_privilege

Topics

#least privilege#access control#security principles#authorization

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice