Ensuring least privilege does not require:
A . Identifying what the user’s job is.
B . Ensuring that the user alone does not have sufficient rights to subvert an important process.
C . Determining the minimum set of privileges required for a user to perform their duties.
D . Restricting the user to required privileges and nothing more.
Answer: B
Explanation: Ensuring that the user alone does not have sufficient rights to subvert an important process is a concern of the separation of duties principle and it does not concern the least privilege principle. Source: DUPUIS, Clément, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, march 2002 (page 33).
Latest SSCP Dumps Valid Version with 1074 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund