CompTIA Security Plus Mock Test Q235

Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?

A. User rights reviews
B. Incident management
C. Risk based controls
D. Annual loss expectancy


Correct Answer: A
Section: Compliance and Operational Security

Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions and rights that they need to do their work and no more.

Incorrect Answers:
B: Incident management refers to the steps that are followed when events occur and is thus not a risk mitigation strategy.
C: Risk based controls is not the same as risk mitigation. Risk mitigation refers to the actual steps taken to reduce risk.
D: Annual Los Expectancy or ALE refers to the loss a company expects to lose in monetary value in a year.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 5, 10, 26, 413