Which security principle might disallow access to sensitive data even if an individual had the necessary security clearance?
A.
Principle of least privilege
B.
Separation of duties
C.
Need to know
D.
Nash analytics
Explanation:
Answer C is correct; need to know is used in highly sensitive operations, and goes beyond even the principle of least privilege, which, in a MAC environment, might simply require a Top Secret clearance for the data in question. Need to know requires that someone only has access to the information if it is necessary for the completion of this particular operation.Incorrect Answers and Explanations: A, B, and D: Answers A, B, and D are incorrect. Nash analytics is a completely made up choice. Principle of least privilege is definitely the closest to being correct, but need to know is the best answer given the explanation that the person was cleared for the data. Separation of duties is focused specifically on ensuring that an individual doesnt have too much power, and achieves this by splitting responsibilities across multiple parties.