nerdexam
(ISC)2

CISSP · Question #675

In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what change

The correct answer is C. From Administrator privileges to No Access privileges. The principle of least privilege states that a user should have only the minimum access necessary to perform their job. When a resource (person) moves from a production support system administration role (which typically needs broad OS‑level access) to a developer role, they gene

Submitted by viktor_hu· Mar 5, 2026Identity and Access Management (IAM)

Question

In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what changes should be made to the resource's access to the production operating system (OS) directory structure?

Options

  • AFrom Read Only privileges to No Access Privileges
  • BFrom Author privileges to Administrator privileges
  • CFrom Administrator privileges to No Access privileges
  • DFrom No Access Privileges to Author privileges

How the community answered

(51 responses)
  • A
    16% (8)
  • B
    6% (3)
  • C
    75% (38)
  • D
    4% (2)

Explanation

The principle of least privilege states that a user should have only the minimum access necessary to perform their job. When a resource (person) moves from a production support system administration role (which typically needs broad OS‑level access) to a developer role, they generally no longer need direct administrative access to the production OS directory structure. Therefore, to align with least privilege, their access should be removed entirely (No Access) or at most reduced to a tightly scoped, non‑admin role that does not include full OS‑level control.

Topics

#least privilege#access control#role-based access control#privilege management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice