CompTIA Security Plus Mock Test Q233

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?

A. Mandatory access
B. Rule-based access control
C. Least privilege
D. Job rotation

Correct Answer: C
Section: Compliance and Operational Security

A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.

Incorrect Answers:
A: Mandatory access control is used to control how information access is permitted. In a MAC environment, all access capabilities are predefined. Users can’t share information unless
their rights to share it are established by administrators. Consequently, administrators must make any changes that need to be made to such rights.
B: Rule-based access control is when the settings used are in the pre-configured security policies.
D: Job rotation is when one person fills in for another and vice versa so that there is redundancy in this regard.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 151, 152