What is the difference between least privilege and need-to-know?

seenagapeJanuary 22, 2012

A.
A user should have least privileges that restrict her need-to-know.

B.
A user should have a security clearance to access resources, a need-to-know about those resources, and least privilege to give her full control of all resources.

C.
A user should have a need-to-know to access particular resources; least privilege should be implemented to ensure she only accesses the resources she has a need-to-know.

D.
They are two terms for the same issue.

Explanation:
Users should only be able to access the resources they need to fulfill
their duties of their positions. They also should only have the level of permissions
and rights for those resources that is required to carry out the exact operations
they need for their jobs and no more. This second concept is more granular than the
first, but they have a symbiotic relationship.

2 Comments on “What is the difference between least privilege and need-to-know?”

Sai says:

October 7, 2016 at 3:34 am

Correct Answer is (A)

0

0

Log in to Reply

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISC Exam Questions

Free ISC2 Study Guide

What is the difference between least privilege and need-to-know?

2 Comments on “What is the difference between least privilege and need-to-know?”

Leave a Reply Cancel reply