An organization has a policy where an employee who moves from one department to another, such as from Database Administration to Network Engineering, retains all previous access rights while new permissions for the new role are added. This practice introduces which of the following security risks?
The correct answer identifies 'privilege creep' as the security risk. Privilege creep, also known as access accumulation, occurs when users progressively gain more access rights over time as they move between roles within an organization while their old permissions are never revoked. This practice directly violates the principle of least privilege, which dictates that users should hold only the minimum permissions necessary to perform their current job functions. Retaining unnecessary permissions, such as a network engineer who still holds DBA rights, expands the attack surface and increases the risk of unauthorized access or data misuse should the account be compromised. Regular access reviews and proper de-provisioning of obsolete rights during role transitions are essential to prevent privilege creep.
ISC2 CISSP
Identity and Access Management (IAM)