Which term below BEST describes the concept of least privilege?
A.
Active monitoring of facility entry access points.
B.
Each user is granted the lowest clearance required for their tasks.
C.
A formal separation of command, program, and interface functions.
D.
A combination of classification and categories that represents the sensitivity of information.
Explanation:
The least privilege principle requires that each subject in a system be granted the most restrictive set
of privileges (or lowest clearance) needed for the performance of authorized tasks. The application
of this principle limits the damage that can result from accident, error, or unauthorized use. Applying
this principle may limit the damage resulting from accidents, errors, or unauthorized use of system
resources. *Answer “A formal separation of command, program, and interface functions.” describes
separation of privilege, which is the separation of functions, namely between the commands,
programs, and interfaces implementing those functions, such that malicious or erroneous code in
one function is prevented from affecting the code or data of another function. *Answer “A
combination of classification and categories that represents the sensitivity of information.” is a
security level. A security level is the combination of hierarchical classification and a set of nonhierarchical categories that represents the sensitivity of information. *Answer “Active monitoring of
facility entry access points.” is a distracter. Source: DoD 5200.28- STD Department of Defense
Trusted Computer System Evaluation Criteria.