Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least
privilege principles?
A.
User rights reviews
B.
Incident management
C.
Risk based controls
D.
Annual loss expectancy
Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions and
rights that they need to do their work and no more.
Incorrect Answers:
B: Incident management refers to the steps that are followed when events occur and is thus not a risk
mitigation strategy.
C: Risk based controls is not the same as risk mitigation. Risk mitigation refers to the actual steps taken to
reduce risk.
D: Annual Los Expectancy or ALE refers to the loss a company expects to lose in monetary value in a year.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 5, 10, 26, 413