You have been hired by a startup as their first IT Security team member. To your surprise they have no security or compliance policies documented. The first policy you aim to create would ensure that access to company systems and data is based on an individual's job function. What option best describes this policy?

  • Blacklists
  • Whitelists
  • Least privilege
  • Job Role Permissions Modeling (JRPM)

CompTIA Security+ SY0-601
  • Attacks, Threats, and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
  • Governance, Risk, and Compliance
    • This question is filed here