CISSP Question #1198: Real Exam Question with Answer & Explanation
The correct answer is D: Administrative privileges on the application folders.
Question
A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?
Options
- A. Administrative privileges on the OS
- B. Administrative privileges on the web server
- C. Administrative privileges on the hypervisor
- D. Administrative privileges on the application folders
Explanation
In a SaaS model, access should be granted at the least-privilege level necessary for the task. Since the support team only needs to read application logs, access should be scoped to the specific application folders containing those logs. Of the four options, D confines the privilege to the narrowest scope: it is still broader than read-only access to the log files, but it is the least privilege among the choices offered, and it exposes neither the OS, the web server configuration, nor other tenants' VMs.
Common mistakes
- A. Administrative privileges on the OS would grant far broader access than needed, including the ability to modify system files, install software, or alter configurations, which violates the principle of least privilege.
- B. Administrative privileges on the web server would allow the support team to modify web server configurations, restart services, or alter hosted content, which is excessive for simply reading application logs.
- C. Administrative privileges on the hypervisor would grant control over all virtual machines on that host, representing the highest and most dangerous level of over-privileged access, completely unnecessary for log review.
Concept tested: Principle of least privilege in SaaS access control