A large enterprise is deploying a new cloud-based IAM system. The security architect is reviewing the configuration options and notices that user accounts are initially created with full access to all system resources. What action should the security architect recommend to best implement the principle of secure defaults?
Leave the default configuration and train administrators to remove unnecessary permissions after account creation
Configure the system to create user accounts with no access by default and grant permissions based on job requirements
Implement role-based templates that grant moderate access to all users and additional permissions for privileged users
Deploy enhanced logging and monitoring to track user activities after accounts are created with full access
The principle of secure defaults (also called fail-safe or secure-by-default) requires that a system's out-of-the-box configuration be restrictive and follow a deny-unless-explicitly-authorized model. Creating new identities with zero privileges and then selectively granting rights based on the user's role satisfies both secure defaults and least privilege. Retaining a permissive vendor default, granting every user a "moderate" baseline, or relying only on monitoring or later clean-up all begin from an overly permissive state and therefore violate the secure-by-default requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of secure defaults?
Open an interactive chat with Bash
What does IAM (Identity and Access Management) involve?
Open an interactive chat with Bash
Why is it important to remove unnecessary permissions from user accounts?
Open an interactive chat with Bash
ISC2 CISSP
Security Architecture and Engineering
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access