Practice free →
HomeBCA Cyber SecuritycybersecurityCybersecurity Fundamentals › PRINCIPLE OF LEAST PRIVILEGE states that

PRINCIPLE OF LEAST PRIVILEGE states that

Aevery user should be administrator for convenience
Busers get only the minimum permissions they need
Call passwords should be stored in plaintext
Dlogs should be deleted regularly
Answer & Solution
Correct answer: B. users get only the minimum permissions they need
1. LEAST PRIVILEGE: grant users (and processes) only the permissions strictly necessary for their function. 2. Benefits: minimises blast radius of compromised accounts, reduces accidental damage, simplifies auditing. 3. Implementation: role-based access control (RBAC), separation of duties, time-bound elevated privileges (just-in-time access). 4. Modern extension: ZERO TRUST architecture — never trust, always verify. 5. Other options describe ANTI-patterns that lead to breaches. _Source: NIST CSF v1.1, PR.AC-4 (Access permissions managed by least privilege) + general security best practice._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions