An administrator in the Network Security Department notices that an employee in the Networking Department made unauthorized changes to a firewall over the weekend. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?
Answer Description
The key phrases here are networking department and network security department. Although firewalls are network devices, they would fall under network security department. Members of the networking department will need some access to the firewall, but changes should be made by the Network Security Department. Giving the network department only needed privileges would solve this.
Wikipedia
In information security, computer science, and other fields, the principle of least privilege (also known as the principle of minimal privilege or the principle of least authority) requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate …
Principle of least privilege - Wikipedia, the free encyclopedia