A technician is creating local user accounts on several Windows workstations. To minimize security risk, the technician grants each employee only the permissions required to perform everyday duties-nothing more. What is the main security benefit of applying this approach, known as the Principle of Least Privilege?
It eliminates the need for multifactor authentication across the network.
It reduces the attack surface by limiting what each account can do.
It lets users install any software they want without administrative help.
It reallocates extra CPU resources to privileged users, improving performance.
Granting users the minimal rights needed for their roles reduces the number of actions an attacker-or malware running under that account-can perform. By shrinking the attack surface and limiting lateral movement, the organization lowers the likelihood and potential impact of a successful breach. Allowing unrestricted software installation, removing multifactor authentication, or reallocating CPU resources are not primary outcomes of least-privilege enforcement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Principle of Least Privilege?
Open an interactive chat with Bash
How does the Principle of Least Privilege reduce the attack surface?