nerdexam
Isaca

CDPSE · Question #181

Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal data?

The correct answer is B. Least privilege. Least privilege means users are granted only the minimum level of access required to perform their job functions-nothing more. It is the most fundamental principle governing access control to systems containing personal data because it directly limits who can access what, reducin

Privacy Architecture

Question

Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal data?

Options

  • ARead-only access
  • BLeast privilege
  • CSegregation of duties
  • DData minimization

How the community answered

(30 responses)
  • A
    3% (1)
  • B
    87% (26)
  • C
    3% (1)
  • D
    7% (2)

Explanation

Least privilege means users are granted only the minimum level of access required to perform their job functions-nothing more. It is the most fundamental principle governing access control to systems containing personal data because it directly limits who can access what, reducing the risk of unauthorized exposure, misuse, or breach. While read-only access is one expression of least privilege, it is not universally applicable. Segregation of duties and data minimization are complementary controls, but they operate at different layers-least privilege is the overarching principle that governs how access is provisioned in the first place.

Topics

#Access Control#Least Privilege#ERP Security#Personal Data Protection

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice