Principle of Least Privilege

Prev Question Next Question

Question

What best describes the "Principle of Least Privilege"? Choose the correct answer from the options given below.

Answers

A. All users should have the same baseline permissions granted to them to use basic AWS services.

B. Users should be granted permission to access only resources they need to do their assigned job.

C. Users should submit all access requests in written form so that there is a paper trail of who needs access to different AWS resources.

D. Users should always have a little more permission than they need.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - B.

The principle means giving a user account only those privileges which are essential to perform its intended function.

For example, a user account for the sole purpose of creating backups does not need to install the software.

Hence, it has rights only to run backup and backup-related applications.

For more information on the principle of least privilege, please refer to the following link:

https://en.wikipedia.org/wiki/Principle_of_least_privilege

Options A, C, and D are incorrect.

These actions would not adhere to the Principle of Least Privilege.

The "Principle of Least Privilege" is a security concept that involves granting users or entities the minimum access required to perform their specific tasks or operations. This principle is important in ensuring the confidentiality, integrity, and availability of data and resources within a system.

Option A is incorrect because it suggests granting all users the same level of access, regardless of their roles or responsibilities. This approach is not appropriate because it increases the risk of unauthorized access and potentially exposes sensitive information.

Option B is the correct answer because it aligns with the Principle of Least Privilege. It emphasizes that users should only be granted permission to access resources that are essential for them to perform their assigned job. This approach ensures that users do not have access to resources they do not need, thereby reducing the risk of unauthorized access and potential security breaches.

Option C is incorrect because it suggests that access requests should be submitted in written form to create a paper trail. While it is essential to have a record of access requests, this approach does not relate to the Principle of Least Privilege.

Option D is also incorrect because it suggests granting users slightly more permission than they need. This approach violates the Principle of Least Privilege because it grants unnecessary access to users and increases the risk of security breaches.

In summary, the Principle of Least Privilege dictates that users should be granted the minimum level of access required to perform their assigned tasks or operations. This approach helps to reduce the risk of unauthorized access and ensure data and resource security.

Prev Question Next Question