CISSP-ISSMP Question #189: Real Exam Question with Answer & Explanation
The correct answer is B: The principle of least privileges.
Question
You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer savvy users. However, you have still decided to limit each user access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of?
Options
- A. The principle of maximum control.
- B. The principle of least privileges.
- C. Proper use of an ACL.
- D. Poor resource management.
Explanation
No matter how technically proficient the users are, it is always proper for an administrator to grant each user the least/lowest privileges possible for them to do their job (thus the term least privileges). You should never grant any user any more access than they require to perform their
Answer option D is incorrect. This is absolutely not poor resource management, but rather wise security policy, and thus wise resource management.
Answer option A is incorrect. The term 'maximum control' is not a valid network security term.
Answer option C is incorrect. An ACL, or access control list, is used to control access to resources by matching a user on the list with rights to a resource. This may or may not leave the user with more access than their job requires.