A security audit reveals that several employees have been accessing sensitive customer data that is not required for their job functions. Which of the following security measures would have been the MOST effective at preventing this type of unauthorized access?
Enforcing the principle of least privilege through access controls
Deploying a file integrity monitoring system
Implementing hourly data backups
Increasing the complexity requirements for user passwords
The correct answer is that enforcing the principle of least privilege would be the most effective measure. This security concept dictates that users should only be granted access to the specific data and resources necessary to perform their job duties. The scenario describes a failure of authorization, where employees who are authenticated to the system have excessive permissions, leading to a breach of confidentiality. Implementing data backups addresses availability, not unauthorized access. A file integrity monitoring system addresses integrity by detecting unauthorized changes, but it doesn't prevent unauthorized viewing. Increasing password complexity strengthens authentication but does not resolve issues with over-privileged accounts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege?
Open an interactive chat with Bash
How are access controls implemented to enforce least privilege?
Open an interactive chat with Bash
What risks arise from not enforcing the principle of least privilege?