A network administrator is tasked with redesigning the user access model for a company to align with the principle of least privilege. Which of the following is the most effective and scalable approach to implement?
Assign permissions to individual users on a case-by-case basis as access is requested.
Grant all users a baseline of read-only access, and have resource owners grant write permissions as needed.
Implement role-based access control (RBAC) to assign permissions based on job responsibilities.
Create a shared administrator account for the IT team to use for all system configuration changes.
The correct answer is to implement role-based access control (RBAC), as it is a scalable and effective method for enforcing the principle of least privilege by grouping permissions according to job functions. Assigning permissions on a case-by-case basis is not scalable and often leads to privilege creep over time. Creating a shared administrator account is a significant security risk because it eliminates individual accountability for actions performed with high privileges. While granting baseline read-only access is a step towards security, relying on individual resource owners to grant further permissions (a discretionary model) is less structured and harder to manage and audit at scale than RBAC.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is RBAC and how does it work in a network?
Open an interactive chat with Bash
What are the potential security risks of using shared administrator accounts?
Open an interactive chat with Bash
Why is the principle of least privilege important in network security?