SSCP Question #18: Real Exam Question with Answer & Explanation
The correct answer is A: Users would get access to only the info for which they have a need to know.
Question
The end result of implementing the principle of least privilege means which of the following?
Options
- A. Users would get access to only the info for which they have a need to know
- B. Users can access all systems.
- C. Users get new privileges added when they change positions.
- D. Authorization creep.
Explanation
The principle of least privilege restricts each user to only the minimum access rights needed to perform their job, meaning users get access to only the information they have a need to know (A), which makes A the direct outcome of applying this principle.
Why the distractors fail:
- B is the opposite: least privilege limits access rather than opening it to all systems.
- C describes improper access management; changing positions should trigger a review and reassignment of privileges, not automatic additions.
- D (authorization creep) is what happens when least privilege is not enforced: privileges accumulate over time as roles change without removal of old access.
Memory tip: Think of "least privilege" like a keycard system: a janitor gets keys only to the rooms they clean, not the whole building. "Need to know = need to go (there only)."