nerdexam
(ISC)2

CISSP · Question #758

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

The correct answer is A. Role Based Access Control (RBAC). Restricting execution of privileged procedures requires a mechanism that grants access based on defined roles and permissions. Role Based Access Control (RBAC) is specifically designed to enforce least-privilege by assigning permissions to roles rather than individuals.

Submitted by naveen.iyer· Mar 5, 2026Identity and Access Management (IAM)

Question

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

Options

  • ARole Based Access Control (RBAC)
  • BBiometric access control
  • CFederated Identity Management (IdM)
  • DApplication hardening

How the community answered

(30 responses)
  • A
    90% (27)
  • B
    3% (1)
  • C
    7% (2)

Why each option

Restricting execution of privileged procedures requires a mechanism that grants access based on defined roles and permissions. Role Based Access Control (RBAC) is specifically designed to enforce least-privilege by assigning permissions to roles rather than individuals.

ARole Based Access Control (RBAC)Correct

RBAC controls what actions and procedures a user can execute by assigning permissions to roles, and then assigning users to those roles. This directly addresses the execution of privileged procedures by ensuring only users with the appropriate role (e.g., administrator, DBA) can invoke sensitive or elevated operations, enforcing the principle of least privilege at a granular level.

BBiometric access control

Biometric access control authenticates the identity of a person (e.g., fingerprint, retina scan) to grant physical or logical access, but it does not control which specific procedures or operations an authenticated user is permitted to execute.

CFederated Identity Management (IdM)

Federated Identity Management enables single sign-on and identity sharing across different organizational domains or systems, but it focuses on identity federation and authentication rather than restricting what privileged procedures a user may execute within a system.

DApplication hardening

Application hardening reduces the attack surface of an application by removing unnecessary features, patching vulnerabilities, and configuring secure defaults, but it is not a mechanism for controlling which authenticated users are authorized to run privileged procedures.

Concept tested: Role-based access control for privileged procedure authorization

Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/overview

Topics

#Access control#Role-Based Access Control (RBAC)#Privilege management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice