What is the security principle stating that access is denied unless explicitly granted?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

What is the security principle stating that access is denied unless explicitly granted?

Explanation:
Access is denied by default until an explicit permission is granted. This approach blocks everything unless a specific allowance is defined, reducing the chance of unintended access. In practice, systems like firewalls and access control lists use this mindset: if there isn’t a rule that allows something, it’s blocked. This is often paired with the principle of least privilege, which ensures users receive only the minimal rights needed to perform their tasks. The other options don’t fit because least privilege focuses on minimal rights, not the default posture; default allow would let access through unless denied; and security through obscurity relies on hiding details rather than controlling access.

