An access system that grants users only those rights necessary for them to perform their work is operating on
which security principle?
A.
Discretionary Access
B.
Least Privilege
C.
Mandatory Access
D.
Separation of Duties
Explanation:
Least privilege means an individual should have just enough permissions and rights to fulfill his role in the
company and no more.
Incorrect Answers:
A: A: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files
and resources they own.
C: Mandatory Access control is based on a security label system
D: Separation of Duties is a preventive administrative control that is used to make sure one person is unable to
carry out a critical task alone.https://en.wikipedia.org/wiki/Principle_of_least_privilege
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 126, 220-228