Which term denotes the principle of granting users the minimal permissions necessary to perform their job?


Multiple Choice

Which term denotes the principle of granting users the minimal permissions necessary to perform their job?

Explanation:

The concept tested is granting users only the minimum permissions they need to do their job. This principle reduces the attack surface by withholding access to data and systems that a role does not require, which limits the damage an attacker can do with a compromised account. It also supports accountability and simplifies monitoring, because each user's actions are confined to what is essential for their role, so anything outside that boundary stands out. In practice, you define narrowly scoped roles, apply need-to-know, deny by default, and review permissions regularly, adjusting or revoking them as jobs change. When elevated access is required, use a controlled process such as a separate approver and time-limited, just-in-time access that expires on its own rather than leaving standing privileges in place. The same principle applies to service accounts and processes, not only to human users.

Integrity is the property that data stays accurate and unaltered; it says nothing about who is allowed to access it. Governance is the overarching framework of policies, roles and decision-making that directs security and operations. Due diligence is the care taken to identify and assess risks and to meet legal or contractual obligations. None of these describes the specific practice of restricting access to the minimum necessary, which is why the correct term is least privilege.
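The following is an added illustration of the practice the explanation describes, not code from the exam page or from Passetra: a tiny authorization model with narrowly scoped roles, a deny-by-default permission check, just-in-time elevation that needs a distinct approver and expires automatically, and a review step that drops expired grants and flags standing permissions a user never exercised. The role names, permission strings and the approval flow are assumptions chosen for the example.

```python
"""Least privilege in practice: narrow roles, deny by default, JIT elevation.

Added example; role names, permission strings and the approval rules are
assumed for illustration, not taken from any real system.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Narrowly scoped roles (assumed): each lists only what that job needs.
ROLES = {
    "billing-analyst": {"invoices:read", "reports:read"},
    "support-agent":   {"tickets:read", "tickets:write", "customers:read"},
    "db-admin":        {"db:backup", "db:restore"},
}

# Fixed clock for deterministic runs; real code would use datetime.now(timezone.utc).
BASE = datetime(2024, 1, 1, tzinfo=timezone.utc)


def minutes_later(m):
    """Timestamp m minutes after BASE (helper for the demo and tests)."""
    return BASE + timedelta(minutes=m)


@dataclass
class Elevation:
    permission: str
    approved_by: str
    expires_at: datetime


@dataclass
class User:
    name: str
    roles: set
    elevations: list = field(default_factory=list)


def effective_permissions(user, now):
    """Union of role permissions plus any elevation that has not yet expired."""
    perms = set()
    for role in user.roles:
        perms |= ROLES.get(role, set())      # an unknown role grants nothing
    for e in user.elevations:
        if e.expires_at > now:
            perms.add(e.permission)
    return perms


def is_allowed(user, permission, now):
    """Deny by default: only an explicit, currently valid grant allows the action."""
    return permission in effective_permissions(user, now)


def request_elevation(user, permission, approver, now, ttl_minutes=30):
    """Just-in-time access: a different person approves, and the grant expires."""
    if approver == user.name:
        raise PermissionError("self-approval is not allowed")
    grant = Elevation(permission, approver, now + timedelta(minutes=ttl_minutes))
    user.elevations.append(grant)
    return grant


def review_access(user, used_permissions, now):
    """Periodic review: purge expired elevations and report standing permissions
    the user never used, which are candidates for removal."""
    user.elevations = [e for e in user.elevations if e.expires_at > now]
    standing = set().union(*(ROLES.get(r, set()) for r in user.roles))
    return sorted(standing - set(used_permissions))


if __name__ == "__main__":
    alice = User("alice", {"support-agent"})
    print("write ticket:", is_allowed(alice, "tickets:write", BASE))    # True
    print("restore db:  ", is_allowed(alice, "db:restore", BASE))       # False
    request_elevation(alice, "db:restore", approver="bob", now=BASE, ttl_minutes=15)
    print("restore @14m:", is_allowed(alice, "db:restore", minutes_later(14)))  # True
    print("restore @16m:", is_allowed(alice, "db:restore", minutes_later(16)))  # False
    print("unused perms:", review_access(alice, {"tickets:read", "tickets:write"},
                                         minutes_later(60)))  # ['customers:read']
```

The two checks that matter in the demo are the ones that fail: the support agent is refused `db:restore` until someone else approves a short-lived grant, and the same request is refused again once the grant expires. The review step then shows that `customers:read` was never used, which is exactly the kind of standing permission a periodic access review should question.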
