CompTIA

SY0-301 · Question #584

SY0-301 Question #584: Real Exam Question with Answer & Explanation

The correct answer is C: Least privilege.

Question

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?

Options

  • A. Mandatory access
  • B. Rule-based access control
  • C. Least privilege
  • D. Job rotation

Explanation

Least privilege (Option C) is the security principle that users and administrators are granted only the minimum permissions necessary to perform their job functions, and nothing more. The admin has rights for their core duties but is restricted from a higher-privilege action (domain join) that falls outside their role. Option A (Mandatory access) refers to MAC, a label-based access model. Option B (Rule-based access control) applies access based on a defined set of rules or conditions. Option D (Job rotation) is a personnel control where employees rotate roles to prevent fraud. The scenario perfectly describes least privilege: the admin's permissions are scoped precisely to what their role requires.
