
CAS-003 Question #477: Real Exam Question with Answer & Explanation

The correct answer is C: Least privilege.

Question

A security administrator is advocating for enforcement of a new policy that would require employers with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

Options

  • A. Background investigation
  • B. Mandatory vacation
  • C. Least privilege
  • D. Separation of duties

Explanation

The principle of least privilege states that users should have only the minimum level of access required to perform their job functions. Periodic inspections and reviews of job performance data for privileged users are a key enforcement mechanism - they ensure that employees' access rights remain aligned with their current job responsibilities and that no one retains privileges beyond what is necessary. Over time, roles change, and without periodic reviews, privilege creep occurs. Background investigations (A) are performed prior to hiring or for security clearances, not as recurring reviews of existing employees. Mandatory vacation (B) requires employees to take time off (useful for detecting fraud by observing if issues arise in their absence), but does not involve reviewing job performance data. Separation of duties (D) divides critical tasks among multiple people to prevent fraud, rather than reviewing individual privilege levels.
