Implementing the Principle of Least Privilege

The End Result of Implementing the Principle of Least Privilege


Question

The end result of implementing the principle of least privilege means which of the following?

Answers

A. Users would get access to only the info for which they have a need to know.
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization creep.

Correct answer: A.

Explanations

The principle of least privilege refers to allowing users to have only the access they need and nothing more. Thus, certain users may have no need to access any of the files on specific systems.

The following answers are incorrect:

Users can access all systems. Although the principle of least privilege limits what access and which systems users are authorized for, not all users would have a need to know that justifies access to all of the systems. The best answer is still "Users would get access to only the info for which they have a need to know", as some users may not have a need to access a given system at all.

Users get new privileges when they change positions. Although it is true that a user may indeed require new privileges, this is not a given, and in fact a user may require fewer privileges in a new position. The principle of least privilege would require that the rights required for the new position be closely evaluated and, where possible, existing rights revoked.

Authorization creep.

Authorization creep occurs when users are given additional rights with new positions and responsibilities while keeping the rights from their old ones. The principle of least privilege should actually prevent authorization creep.

The following references were used to create this question: ISC2 OIG 2007 p. 101, 123; Shon Harris AIO v3 p. 148, 902-903.

The principle of least privilege is a security concept that limits access rights for users, accounts, and computing processes to the bare minimum permissions necessary to perform their designated functions. The goal is to reduce the overall risk of a security breach by minimizing the potential damage that could occur if an account or process is compromised.

Out of the given options, the end result of implementing the principle of least privilege is A: Users would get access to only the info for which they have a need to know. This means that users are granted access to only the resources and data that are necessary to perform their job functions. By limiting access rights, the potential damage from a security breach or data leak is minimized.

Option B, "Users can access all systems," is incorrect and goes against the principle of least privilege. If users are granted access to all systems, they would have too many permissions and could potentially cause harm to the systems or the data they contain.

Option C, "Users get new privileges added when they change positions," is also incorrect. The principle of least privilege does not grant privileges based on job position, but rather on a need-to-know basis. Users only receive access to the resources required to perform their job tasks, regardless of any changes in position or job responsibilities.

Option D, "Authorization creep," is also incorrect. Authorization creep is the gradual accumulation of access rights over time, which can occur when privileges are not properly managed or revoked when they are no longer needed. This is the opposite of the principle of least privilege, which seeks to minimize access rights from the outset.

In summary, the end result of implementing the principle of least privilege is that users are granted access to only the resources they need to perform their job functions, thereby reducing the overall risk of a security breach.
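The access review that prevents authorization creep, shown as an added example that is not part of this question or its cited references: each position is mapped to the minimum permissions it needs, a user's current grants are compared against that minimum, and a position change re-provisions the user instead of stacking the new role's rights on top of the old ones. The role names, permission strings and the user are all constructed for the illustration.

```python
from dataclasses import dataclass, field

# Constructed role model: the minimum entitlements each position needs (hypothetical values).
ROLE_PERMISSIONS = {
    "help_desk": {"ad:password:reset", "ticketing:read"},
    "hr_generalist": {"hris:employee:read", "hris:employee:update"},
    "accounts_payable": {"erp:invoices:read", "erp:invoices:approve"},
}


@dataclass
class User:
    name: str
    role: str
    granted: set = field(default_factory=set)


def review_access(user):
    """Compare what the user holds with what the role needs.

    Returns (excess, missing): excess is authorization creep to revoke,
    missing is what the role genuinely requires but the user lacks.
    """
    required = ROLE_PERMISSIONS[user.role]
    return user.granted - required, required - user.granted


def change_position_with_creep(user, new_role):
    """The anti-pattern: add the new role's rights and keep the old ones."""
    user.role = new_role
    user.granted |= ROLE_PERMISSIONS[new_role]
    return user


def change_position_least_privilege(user, new_role):
    """Least privilege: re-evaluate on a position change and grant only the new minimum."""
    user.role = new_role
    user.granted = set(ROLE_PERMISSIONS[new_role])
    return user


if __name__ == "__main__":
    # Constructed scenario: alice moves from the help desk to HR.
    alice = User("alice", "help_desk", set(ROLE_PERMISSIONS["help_desk"]))
    change_position_with_creep(alice, "hr_generalist")
    excess, missing = review_access(alice)
    print("creep to revoke:", sorted(excess), "missing:", sorted(missing))
    change_position_least_privilege(alice, "hr_generalist")
    print("after re-provisioning, excess:", sorted(review_access(alice)[0]))
```

Run the review periodically and on every role change; a non-empty excess set is the signal that rights outlived the need that justified them.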