Which of the following states that a user should never be given more privileges than are required to
carry out a task?
A. Security through obscurity
B. Segregation of duties
C. Principle of least privilege
D. Role-based security
Explanation:
The principle of least privilege states that a user should never be given more privileges than are
required to carry out a task. The user should not be logged on as an administrator, if the user is not
doing administrative work on a computer. The administrator account should be used for performing
tasks, such as changing system time, installing software, or creating standard accounts.

Answer D is incorrect. Role-based security provided by the .NET Framework allows, grants, or denies
access to resources based on a Windows user’s identity. It is built on the principle that the user is
authenticated and can be authorized or assigned roles and permissions.

Answer B is incorrect. Segregation of duties is used to determine whether decision-making,
executive tasks, or control tasks are carried out by a person to avoid unauthorized or unintended
changes or the misuse of the organization’s assets. Whether the person needs access to information
can also be determined. The risk of information being intentionally or unintentionally used, altered,
or destroyed is increased by unnecessary access. It is called the ‘need to know’ principle.

Answer A is incorrect. Security through obscurity is a principle in security engineering, which
attempts to use secrecy (of design, implementation, etc.) to provide security. A system relying on
security through obscurity may have theoretical or actual security vulnerabilities, but its owners or
designers believe that the flaws are not known, and that attackers are unlikely to find them.
C