nerdexam
(ISC)2

CISSP · Question #1099

What is the BEST way to restrict access to a file system on computing systems?

The correct answer is C. Use least privilege at each level to restrict access.. The principle of least privilege states that every user, process, or system should have the minimum amount of access or privileges necessary to perform their functions, and no more. This principle reduces the attack surface, limits the potential damage of a compromise, and enforc

Submitted by sofia.br· Mar 5, 2026Identity and Access Management

Question

What is the BEST way to restrict access to a file system on computing systems?

Options

  • AAllow a user group to restrict access.
  • BUse a third-party tool to restrict access.
  • CUse least privilege at each level to restrict access.
  • DRestrict access to all users.

How the community answered

(16 responses)
  • A
    6% (1)
  • C
    88% (14)
  • D
    6% (1)

Explanation

The principle of least privilege states that every user, process, or system should have the minimum amount of access or privileges necessary to perform their functions, and no more. This principle reduces the attack surface, limits the potential damage of a compromise, and enforces the separation of duties and responsibilities. Applying the principle of least privilege at each level of the file system, such as directories, files, and permissions, is the best way to restrict access and protect the confidentiality, integrity, and availability of the data. Allowing a user group to restrict access may not be sufficient, as the group may have more privileges than needed, or may not follow the security policies. Using a third-party tool to restrict access may introduce additional risks, such as compatibility issues, vulnerabilities, or malicious code. Restricting access to all users may prevent legitimate access and disrupt the business operations or functions.

Topics

#least privilege#access control#file system security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice