CISSP · Question #758
Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
The correct answer is A. Role Based Access Control (RBAC). Restricting execution of privileged procedures requires a mechanism that grants access based on defined roles and permissions. Role Based Access Control (RBAC) is specifically designed to enforce least-privilege by assigning permissions to roles rather than individuals.
Question
Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
Options
- ARole Based Access Control (RBAC)
- BBiometric access control
- CFederated Identity Management (IdM)
- DApplication hardening
How the community answered
(30 responses)- A90% (27)
- B3% (1)
- C7% (2)
Why each option
Restricting execution of privileged procedures requires a mechanism that grants access based on defined roles and permissions. Role Based Access Control (RBAC) is specifically designed to enforce least-privilege by assigning permissions to roles rather than individuals.
RBAC controls what actions and procedures a user can execute by assigning permissions to roles, and then assigning users to those roles. This directly addresses the execution of privileged procedures by ensuring only users with the appropriate role (e.g., administrator, DBA) can invoke sensitive or elevated operations, enforcing the principle of least privilege at a granular level.
Biometric access control authenticates the identity of a person (e.g., fingerprint, retina scan) to grant physical or logical access, but it does not control which specific procedures or operations an authenticated user is permitted to execute.
Federated Identity Management enables single sign-on and identity sharing across different organizational domains or systems, but it focuses on identity federation and authentication rather than restricting what privileged procedures a user may execute within a system.
Application hardening reduces the attack surface of an application by removing unnecessary features, patching vulnerabilities, and configuring secure defaults, but it is not a mechanism for controlling which authenticated users are authorized to run privileged procedures.
Concept tested: Role-based access control for privileged procedure authorization
Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
Topics
Community Discussion
No community discussion yet for this question.