350-401 · Question #459
Which design principle slates that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?
The correct answer is B. fail-safe defaults. Fail-safe defaults (B) is correct because this principle establishes that the default state for any resource is denial of access - access must be explicitly and intentionally granted, rather than explicitly revoked. This "deny by default, permit by exception" approach ensures tha
Question
Which design principle slates that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?
Options
- Aleast privilege
- Bfail-safe defaults
- Ceconomy of mechanism
- Dcomplete mediation
How the community answered
(27 responses)- B96% (26)
- C4% (1)
Explanation
Fail-safe defaults (B) is correct because this principle establishes that the default state for any resource is denial of access - access must be explicitly and intentionally granted, rather than explicitly revoked. This "deny by default, permit by exception" approach ensures that mistakes or omissions in configuration result in a secure (denied) state rather than an open one.
- Least privilege (A) is wrong because it focuses on limiting users to only the permissions they need to perform their job, not on the baseline default state of access.
- Economy of mechanism (C) is wrong because it refers to keeping security designs simple and small to reduce the attack surface and minimize errors.
- Complete mediation (D) is wrong because it requires that every access request to every resource be checked and verified, rather than defining what the default access state should be.
Memory tip: Think of "fail-safe" like a locked door - if the system fails or no one has acted, the door stays safely locked. The default is always "no entry" unless someone explicitly unlocks it.
Topics
Community Discussion
No community discussion yet for this question.