The principle of least privilege states that users should receive only the rights needed to perform their duties. Administrators should therefore use a dedicated, separate account with elevated permissions only when performing maintenance or management tasks. Using a standard account for daily activities reduces the risk that malware or mistakes will occur with full system rights. Disabling MFA, sharing generic admin accounts, or keeping permanent administrator rights attached to a daily-use account all violate this principle and weaken accountability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important for administrators to have a separate account for administrative tasks?
Open an interactive chat with Bash
What are the key principles behind the idea of 'separation of duties'?
Open an interactive chat with Bash
What can happen if an administrator's normal account is compromised?