What basic principle of security states that something should be allocated the minimum necessary rights to perform its role?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

What basic principle of security states that something should be allocated the minimum necessary rights to perform its role?

Explanation:
The principle being tested is least privilege: give each user, process, or system only the minimum rights it needs to perform its role, and nothing more. Because an entity can only do what its rights permit, the damage from stolen credentials, a compromised service, or an honest mistake is bounded by those rights. In practice this means granting just enough access for the task at hand, avoiding broad or wildcard permissions, reviewing grants periodically, and removing or tightening rights that are no longer used. For example, a developer might need to read application logs but not delete them, and a service account should not hold admin rights unless it genuinely cannot work without them. Just-in-time elevation complements this: higher privileges are granted only for a short, bounded period and revoked automatically afterward, so they never become standing rights.

Provisioning is the process of creating accounts and assigning access; it is how rights get granted, not the principle that says to keep them minimal. A group account is a shared credential used by several people; it obscures who did what and, because it must cover every member's needs, typically carries more rights than any one member requires, which works against least privilege. RBAC is a model for organizing access around roles; it can implement least privilege when each role is defined with only the permissions that role needs, but over-broad roles, or roles that accumulate permissions over time, defeat it. The principle itself is the broader idea of limiting rights to the minimum needed.
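The following is an added, runnable illustration of the practice side of that explanation; it is not part of the original quiz page. It models three things the explanation describes: a standing rights set (with a wildcard grant shown as the over-broad anti-pattern), time-boxed just-in-time elevation that is revoked automatically when it expires, and a review step that lists standing rights that were never exercised so they can be tightened. All names (`Principal`, `is_allowed`, `grant_jit`, `unused_rights`, the `logs:*` permission strings, and the fixed clock value) are hypothetical and not any real product's API.

```python
"""Least-privilege authorization model (added example, hypothetical API):
standing rights, time-boxed JIT elevation, and pruning of unused rights."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Optional
import time


@dataclass
class Principal:
    name: str
    # Standing rights, e.g. {"logs:read"}. A glob such as "logs:*" is accepted
    # by the matcher, but it is exactly the over-broad grant least privilege warns against.
    permissions: set
    # JIT elevations: action -> UNIX time at which the elevation expires.
    elevations: dict = field(default_factory=dict)
    # Actions actually exercised, kept so unused standing rights can be found later.
    used: set = field(default_factory=set)


def _matches(granted: str, requested: str) -> bool:
    """A granted entry covers a requested action exactly or via a glob (logs:*)."""
    return fnmatchcase(requested, granted)


def is_allowed(p: Principal, action: str, now: Optional[float] = None) -> bool:
    """Allow only if a standing right or an unexpired JIT elevation covers the action."""
    now = time.time() if now is None else now
    # Discard expired elevations before evaluating, so they are never honoured.
    p.elevations = {a: exp for a, exp in p.elevations.items() if exp > now}
    granted = set(p.permissions) | set(p.elevations)
    allowed = any(_matches(g, action) for g in granted)
    if allowed:
        p.used.add(action)
    return allowed


def grant_jit(p: Principal, action: str, ttl_seconds: float,
              now: Optional[float] = None) -> None:
    """Grant an action for ttl_seconds only; it lapses without any explicit revoke."""
    now = time.time() if now is None else now
    p.elevations[action] = now + ttl_seconds


def unused_rights(p: Principal) -> set:
    """Standing rights that were never exercised: candidates for removal."""
    return {g for g in p.permissions if not any(_matches(g, u) for u in p.used)}


def is_overbroad(p: Principal) -> bool:
    """Flag wildcard grants, which hand out rights nobody enumerated."""
    return any("*" in g for g in p.permissions)


if __name__ == "__main__":
    T0 = 1_700_000_000.0  # constructed fixed clock for a reproducible run
    # Weak: a service account with a wildcard grant can also delete logs.
    svc = Principal("svc-ingest", {"logs:*"})
    print(is_overbroad(svc), is_allowed(svc, "logs:delete", T0))   # True True
    # Least privilege: the developer can read and search logs but not delete them.
    dev = Principal("dev-alice", {"logs:read", "logs:search"})
    print(is_allowed(dev, "logs:read", T0))        # True
    print(is_allowed(dev, "logs:delete", T0))      # False
    # Incident: elevate delete for 15 minutes, then it lapses on its own.
    grant_jit(dev, "logs:delete", ttl_seconds=900, now=T0)
    print(is_allowed(dev, "logs:delete", T0 + 60))   # True
    print(is_allowed(dev, "logs:delete", T0 + 901))  # False
    print(unused_rights(dev))                        # {'logs:search'}: never used, tighten it
```

The expiry check runs inside `is_allowed` rather than relying on a separate cleanup job, so an elevation that was never explicitly revoked still stops working the moment its TTL passes; the `unused_rights` review is the "remove or tighten rights when they are no longer needed" step made concrete.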
