SY0-301 · Question #584
One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance.
The correct answer is C. Least privilege. Least privilege (Option C) is the security principle that users and administrators are granted only the minimum permissions necessary to perform their job functions, and nothing more. The admin has rights for their core duties but is restricted from a higher-privilege action (dom
Question
One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?
Options
- AMandatory access
- BRule-based access control
- CLeast privilege
- DJob rotation
How the community answered
(21 responses)- B10% (2)
- C86% (18)
- D5% (1)
Explanation
Least privilege (Option C) is the security principle that users and administrators are granted only the minimum permissions necessary to perform their job functions, and nothing more. The admin has rights for their core duties but is restricted from a higher-privilege action (domain join) that falls outside their role. Option A (Mandatory access) refers to MAC, a label-based access model. Option B (Rule-based access control) applies access based on a defined set of rules or conditions. Option D (Job rotation) is a personnel control where employees rotate roles to prevent fraud. The scenario perfectly describes least privilege: the admin's permissions are scoped precisely to what their role requires.
Topics
Community Discussion
No community discussion yet for this question.