ISC Exam Questions

The default level of security established for access controls should be

A. All access

B. Update access

C. Read access

D. No access

Explanation:
“Need to Know and the Principle of Least Privilege are two standard axioms of high-security environments. A user must have a need-to-know to gain access to data or resources. Even if that user has an equal or greater security classification than the requested information, if they do not have a need-to-know, they are denied access. A need-to-know is the requirement to have access to, knowledge about, or possession of data or a resource to perform specific work tasks. The principle of least privilege is the notion that users should be granted the least amount of access to the secure environment as possible for them to be able to complete their work tasks.”
Pg 399 Tittel: CISSP Study Guide