Which principle ensures users are granted only the minimum privileges needed to perform their jobs?

Study for the CompTIA Cloud+ exam. Enhance your skills with flashcards and multiple choice questions, each supported by hints and explanations. Prepare effectively for your certification!

Multiple Choice

Which principle ensures users are granted only the minimum privileges needed to perform their jobs?

Explanation:
The idea being tested is granting users only the access they truly need to do their jobs. This minimizes the potential for mistakes, misuse, or breaches by keeping each account’s permissions to the smallest set necessary. When privileges are kept to a minimum, the impact of any compromise is limited and it’s easier to manage and audit who can do what.

Other controls relate to access in different ways but don’t capture the same overarching principle. Separation of duties focuses on dividing responsibilities to prevent fraud or errors, not on limiting each user’s overall permissions. Need-to-know narrows access to specific data or resources on a strict basis; it goes hand in hand with least privilege but is more about data access than the general permission set for all job functions. Role-based access control is a mechanism to enforce access using defined roles, helping implement least privilege, but the fundamental idea being tested is the minimum-privilege principle itself.
