Which principle ensures that users are granted only the minimum permissions necessary to perform their job functions?
Trap 1: Defense in depth
Defense in depth uses multiple overlapping controls.
Trap 2: Separation of duties
Separation of duties prevents a single person from completing a high-risk action alone.
Trap 3: Need-to-know
Need-to-know restricts access to specific data, not overall permissions.
- A
Defense in depth
Why wrong: Defense in depth uses multiple overlapping controls.
- B
Least privilege
Least privilege grants only the minimum permissions needed.
- C
Separation of duties
Why wrong: Separation of duties prevents a single person from completing a high-risk action alone.
- D
Need-to-know
Why wrong: Need-to-know restricts access to specific data, not overall permissions.