What is the principle of least privilege and how is it applied in DSAC-11 Annex B?


Multiple Choice

What is the principle of least privilege and how is it applied in DSAC-11 Annex B?

Explanation:
The principle of least privilege means giving each user or process only the access needed to perform their tasks, no more. In DSAC-11 Annex B, this is put into practice by tying permissions to roles (role-based access control), constraining what those permissions allow, and restricting access based on need-to-know. This combination reduces the potential impact of a compromised account, makes it easier to revoke or adjust access, and helps keep sensitive information protected by ensuring only those with a legitimate reason can see it.

This exact approach is the best fit because it describes not just the idea of minimal access, but also how it’s achieved in real systems—through RBAC, restricted permissions, and need-to-know controls. Other options don’t align with the goal: granting privileges broadly increases risk, random assignment has no security basis, and limiting privileges only to administrators ignores the needs of regular users and services that require access to perform tasks.