Question 1,003 of 1,152
General Security Concepts · easy · Multiple Choice · Objective-mapped

Quick Answer

The answer is need-to-know, because access is limited strictly to the information required for the job. This principle of restricting data visibility ensures that users can only see the specific data necessary to perform their duties, as demonstrated when a finance manager views only monthly budgeting reports while being blocked from payroll details. On the Security+ SY0-701 exam, this concept tests your understanding of access control models like RBAC and ACLs, often appearing in scenario-based questions where a trap answer is “least privilege”—remember, least privilege limits permissions broadly, while need-to-know limits data visibility specifically. A common memory tip is to think “need-to-know = need-to-see,” focusing on what data a role requires rather than what actions they can take.

SY0-701 General Security Concepts Practice Question

This SY0-701 practice question tests your understanding of general security concepts. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A finance manager can view only the reports needed for monthly budgeting and cannot see payroll details. Which principle is being applied?


Correct answer & explanation

Need-to-know, because access is limited to information required for the job.

The principle of need-to-know restricts access to only the information necessary for an individual to perform their job duties. In this scenario, the finance manager can view only monthly budgeting reports and is explicitly blocked from payroll details, which aligns directly with need-to-know. This is typically enforced through access control lists (ACLs) or role-based access control (RBAC) policies that limit data visibility based on job function.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Need-to-know, because access is limited to information required for the job.

    Why this is correct

    Need-to-know limits access to information based on business need. The finance manager can view budgeting reports, but payroll details are withheld because they are not required for the role.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Zero trust, because the manager uses a password to sign in.

    Why it's wrong here

    Zero trust involves continuous verification and explicit trust decisions, not just password use. The scenario is primarily about restricting data access, not authentication design.

  • Separation of duties, because the manager is part of finance.

    Why it's wrong here

    Separation of duties divides tasks so one person cannot complete a sensitive process alone. This question is about limiting what information the manager can see, not splitting job duties.

  • Defense in depth, because only one report system is being used.

    Why it's wrong here

    Defense in depth refers to multiple layers of protection. Limiting report visibility is a data-access principle, not a layered control strategy.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is confusing need-to-know with least privilege, as both limit access, but need-to-know specifically restricts data visibility rather than system permissions or actions.

Trap categories for this question

  • Scenario analysis trap

Detailed technical explanation

How to think about this question

Need-to-know is often implemented via attribute-based access control (ABAC) or role-based access control (RBAC) with fine-grained permissions, such as using XACML policies or SQL views that expose only specific columns. For example, a database administrator might create a view that joins employee tables but omits the salary column for finance managers, ensuring that even if a query is run, payroll data is never returned. This differs from least privilege, which focuses on minimum permissions for actions, while need-to-know focuses on minimum data exposure.
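The column-restricted view described above, as an added example that is not part of the original page or of any Courseiva material. It uses Python's built-in sqlite3 module with a constructed employee table; the view name, role names and the role-to-view mapping are assumptions for illustration. SQLite has no GRANT statement, so the role gate that a real DBMS would express as "grant SELECT on the view, nothing on the base table" is simulated in Python; the need-to-know control itself is the view, which simply never projects the salary column, so no query routed through it can return payroll data.

```python
import sqlite3

# Constructed sample data (not from any real system): budgeting data a
# finance manager needs sits beside payroll data they do not need.
EMPLOYEES = [
    (1, "Alice", "Finance", "Budgeting", 4200.00, 98000.00),
    (2, "Bob", "Engineering", "Platform", 1500.00, 125000.00),
    (3, "Carol", "Finance", "Budgeting", 3100.00, 91000.00),
]

# Hypothetical role-to-view mapping (an assumption for this example): a
# role is only ever handed a view that projects the columns it needs.
ROLE_VIEWS = {
    "finance_manager": "v_monthly_budget",  # budgeting columns only
    "payroll_admin": "employee",            # full table, salary included
}


def build_db():
    """Create an in-memory database with the base table and the restricted view."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE employee (
               id INTEGER PRIMARY KEY,
               name TEXT NOT NULL,
               department TEXT NOT NULL,
               cost_center TEXT NOT NULL,
               monthly_spend REAL NOT NULL,
               salary REAL NOT NULL)"""
    )
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?, ?, ?)", EMPLOYEES)
    # The need-to-know control: salary (and name) are not projected, so the
    # view cannot expose them no matter what is selected from it.
    conn.execute(
        """CREATE VIEW v_monthly_budget AS
           SELECT department, cost_center, SUM(monthly_spend) AS total_spend
           FROM employee
           GROUP BY department, cost_center"""
    )
    return conn


def columns_visible_to(conn, role):
    """Column names a role can see through its assigned view."""
    cur = conn.execute("SELECT * FROM %s LIMIT 0" % ROLE_VIEWS[role])
    return [d[0] for d in cur.description]


def select_as(conn, role, columns):
    """Run a SELECT on behalf of a role.

    Requested columns are checked against the role's view (an allow-list),
    so only known column names are ever interpolated into the statement.
    """
    allowed = columns_visible_to(conn, role)
    denied = [c for c in columns if c not in allowed]
    if denied:
        raise PermissionError(
            "%s has no need-to-know for: %s" % (role, ", ".join(denied))
        )
    sql = "SELECT %s FROM %s ORDER BY 1" % (", ".join(columns), ROLE_VIEWS[role])
    return conn.execute(sql).fetchall()


def salary_reachable_through_view(conn, role):
    """True if a raw query against the role's view can return the salary column."""
    try:
        conn.execute("SELECT salary FROM %s LIMIT 1" % ROLE_VIEWS[role])
        return True
    except sqlite3.OperationalError:  # "no such column: salary"
        return False


if __name__ == "__main__":
    db = build_db()
    print("finance_manager sees:", columns_visible_to(db, "finance_manager"))
    print("budget rows:", select_as(db, "finance_manager", ["department", "total_spend"]))
    print("salary reachable via budget view:", salary_reachable_through_view(db, "finance_manager"))
    try:
        select_as(db, "finance_manager", ["salary"])
    except PermissionError as exc:
        print("denied:", exc)
```

The distinction the explanation draws is visible in the two layers: the view decides which data exists for the role at all (need-to-know), while the role gate in `select_as` decides which operations the role may perform (least privilege). In a production DBMS the second layer is a GRANT on the view with no privileges on the underlying table.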

Key Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.


FAQ

Questions learners often ask

What does this SY0-701 question test?

This question tests General Security Concepts: read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Need-to-know, because access is limited to information required for the job. — The principle of need-to-know restricts access to only the information necessary for an individual to perform their job duties. In this scenario, the finance manager can view only monthly budgeting reports and is explicitly blocked from payroll details, which aligns directly with need-to-know. This is typically enforced through access control lists (ACLs) or role-based access control (RBAC) policies that limit data visibility based on job function.

What should I do if I get this SY0-701 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.


Same concept, more angles

3 more ways this is tested on SY0-701

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. Match each security principle to the best description.

easy

Why: These pairings match the CIA triad plus additional principles: confidentiality restricts access, integrity prevents unauthorized changes, availability ensures uptime, non-repudiation provides proof of actions, authentication verifies identity, and authorization defines permissions.

Variation 2. Match each security principle to the best workplace example.

easy

Why: Each workplace example illustrates a security principle: least privilege grants minimal access, separation of duties divides tasks, defense in depth uses multiple controls, fail safe defaults to a safe state, need to know restricts data access, and accountability tracks user actions.

Variation 3. Match each principle to the scenario that best illustrates it.

easy

Why: Least privilege limits access rights; separation of duties divides critical tasks; defense in depth uses multiple security layers; need to know restricts data access; accountability tracks actions; fail safe ensures security on failure.

Last reviewed: Jun 11, 2026