CERTIFIED-IN-CYBERSECURITY Question #518: Real Exam Question with Answer & Explanation

Question

Which is one PRIMARY benefit of having the least privilege principle?

Options

• ATo simplify the process of user account creation
• BTo minimize the risk of unauthorized access to sensitive data
• CTo reduce the number of users accounts in the system
• DTo simplify the process of giving privilege to an account

Explanation

The primary benefit of implementing least privilege is to minimize the risk of unauthorized access to sensitive data. The principle of least privilege dictates that users should be granted only the minimum privileges necessary to perform their job functions (see ISC2 Study Guide, Chapter 5, Module 3). This principle reduces the potential damage that an insider threat or compromised user account can cause. For example, a customer service representative at a bank should only need access to customer account information, not the bank's financial data or other customers' personal information. Simplifying the process of granting privileges to an account is not the primary benefit of least privilege. While it may make the process more efficient, the primary goal is to improve security, not simplify procedures. Reducing the number of user accounts in the system is not a direct benefit of least privilege. The principle focuses on limiting the access rights of individual users, not on reducing the number of users. Simplifying the creation of user accounts is not a primary benefit of least privilege. While it may streamline operations, the primary goal is to improve security by limiting access to sensitive data

No community discussion yet for this question.