CERTIFIED-IN-CYBERSECURITY Question #547: Real Exam Question with Answer & Explanation
The correct answer is A: Users can only access the assets they need for their role and nothing more.
Question
Which of the following is an example of the principle of least privilege?
Options
- A. Users can only access the assets they need for their role and nothing more
- B. Users have the privilege to control who can access their information
- C. Users can access all items but can only modify the ones they need
- D. Users have unrestricted access to all information
Explanation
A policy that defines the rules that assign access to authorized individuals. Administrative controls are non-technical measures used to manage and control access to data. They include policies, procedures, and guidelines that determine who has access to data and under what conditions (see the ISC2 Study Guide, Chapter 3, Module 1). For example, a policy might specify that only IT administrators can access certain servers during certain hours. Similarly, a data center might have a policy that only authorized personnel with certain levels of clearance can access the server rooms. This policy, which is an administrative control, would define who those authorized individuals are, what clearance they need, and the process for gaining access. The other options are not examples of administrative controls. A barrier is a physical control used to prevent unauthorized physical access to data storage devices. An access control list is a technical control that prevents unauthorized network access to data. A guard dog is a physical control used to deter and detect unauthorized physical access to the data center.