Which of the following control is used to ensure that users have the rights and permissions they need to perform their jobs, and no more?

Which of the following control is used to ensure that users have the rights and permissions they
need to perform their jobs, and no more?

Which of the following control is used to ensure that users have the rights and permissions they
need to perform their jobs, and no more?

A.
System and Communications protection control

B.
Audit and Accountability control

C.
Access control

D.
Identification and Authentication control

Explanation:

Access control helps an organization implement effective access control. They ensure that users
have the rights and permissions they need to perform their jobs, and no more. It includes
principles such as least privilege and separation of duties.
Answer B is incorrect. Audit and Accountability control helps an organization implement an
effective audit program. It provides details on how to determine what to audit. It provides details on
how to protect the audit logs. It also includes information on using audit logs for non-repudiation.
Answer D is incorrect. Identification and Authentication control cover different practices to identify
and authenticate users. Each user should be uniquely identified. In other words, each user has
one account. This account is only used by one user. Similarly, device identifiers uniquely identify
devices on the network.
Answer A is incorrect. System and Communications protection control is a large group of controls
that cover many aspects of protecting systems and communication channels. Denial of service
protection and boundary protection controls are included. Transmission integrity and confidentiality
controls are also included.



Leave a Reply 0

Your email address will not be published. Required fields are marked *