One of the system administrators at a company is assigned to maintain a secure computer lab. The
administrator has rights to configure machines, install software, and perform user account maintenance.
However, the administrator cannot add new computers to the domain, because that requires
authorization from the Information Assurance Officer. This is an example of which of the following?

A.
Mandatory access

B.
Rule-based access control

C.
Least privilege

D.
Job rotation

Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions that
they need to do their work and no more.
Incorrect Answers:
A: Mandatory access control is used to control how information access is permitted. In a MAC
environment, all access capabilities are predefined. Users can’t share information unless their rights to
share it are established by administrators. Consequently, administrators must make any changes that
need to be made to such rights.
B: Rule-based access control is when the settings used are in the pre-configured security policies.
D: Job rotation is when one person fills in for another and vice versa so that there is redundancy in this
regard.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 151, 152