ISC Exam Questions

A policy that states a user must have a business requirement to view data before attempting to do so

A policy that states a user must have a business requirement to view data before attempting to do so is an example of enforcing what?

A. Least privilege

B. Need to know

C. Rotation of duties

D. Separation of duties

Explanation:
Answer B is correct; need to know means the user must have a need (requirement) to access a specific object before doing so.

Incorrect Answers and Explanations: Answers A, C, and D are incorrect. Least privilege is less granular than need to know: users are given the least amount of privilege required to do their jobs, but objects are still typically grouped together (such as allowing a backup administrator access to all backup tapes). Separation of duties is designed to divide sensitive tasks among multiple subjects. Rotation of duties is designed to mitigate collusion.