_____ requires that a user or process be granted access to only those resources necessary to perform assigned functions.

A.
Discretionary access control

B.
Separation of duties

C.
Least privilege

D.
Rotation of duties

Explanation:
C:The principle of least privilege is one of the most fundamental characteristics of access control for meeting security objectives. Least privilege requires that a user or process be given no more access privilege than necessary to perform a job, task, or function. Page 15.