Which combination of access control practices is recommended to mitigate insider risk?


Multiple Choice


Explanation:

Restricting what each person can do and ensuring critical actions require more than one person to approve or perform creates a strong barrier against insider risk. Least privilege means giving every user only the minimum permissions they need for their job, so even if an account is compromised or misused, the potential damage is limited. Separation of duties adds another layer: no single individual has enough authority to carry out a high-risk operation alone, so tasks are distributed across roles and approvals are required from others. This combination reduces both the opportunity for misuse and the chance that mistakes go unchecked, making insider threats much harder to carry out unnoticed.

Broad access bypasses the very limits that reduce risk, so it is not protective. Skipping regular access reviews lets permissions accumulate and persist longer than needed, increasing exposure. Just-in-time access for contractors is helpful but does not address internal risk on its own; relying on it exclusively misses the ongoing discipline of least privilege and the checks introduced by separation of duties.
