During an audit, a security administrator discovers that several accounting users can create and delete network shares even though they only need to read and update invoices stored on a file server. Which corrective action BEST enforces the principle of least privilege when the accounts are remediated?
Enable single sign-on (SSO) so users authenticate through the corporate identity provider
Upgrade each account to local administrator to eliminate future permission requests
Strip any permissions that are not required for invoice processing and leave only the necessary read/write rights
Apply time-based login restrictions that block the users from accessing the file server after business hours
Least privilege requires each user to have no more permissions than are strictly necessary. Removing the ability to create or delete shares, or any other rights not tied to invoice processing, satisfies the principle. Granting full administrative rights, adding MFA, or limiting login hours may improve security in other ways but do not reduce the scope of existing permissions to the absolute minimum.