You are the Network Administrator for a software company. Due to the nature of your company’s
business, you have a significant number of highly computer savvy users. However, you have still
decided to limit each user access to only those resources required for their job, rather
than give wider access to the technical users (such as tech support and software engineering
personnel). What is this an example of?

A.
The principle of maximum control.

B.
The principle of least privileges.

C.
Proper use of an ACL.

D.
Poor resource management.

Explanation:
No matter how technically proficient the users are, it is always proper for an administrator to grant
each user the least/lowest privileges possible for them to do their job (thus the term least
privileges). You should never grant any user any more access than they require to perform their job
functions.
Answer option D is incorrect. This is absolutely not poor resource management, but rather wise
security policy, thus wise resource management.
Answer option A is incorrect. The term ‘maximum control’ is not a valid network security term.
Answer option C is incorrect. An ACL or access control list is used to control access to resources by
matching a user on the list with rights to a resource. This may or may not have the user with more
access than their job requires.
“https.//buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/351-
BSI.html”