Question

What do you call the security discipline that requires that a user is given no more privilege necessary to perform his or her job?

a) defense in depth
b) reduction of attack surface
c) risk transfer
d) principle of least privilege

Answer 1

The security discipline where a user is given the least amount of privilege necessary to perform their job is called the principle of least privilege.

Step-by-step explanation:

The security discipline that requires a user to have only the necessary privileges to perform his or her job is known as the principle of least privilege. This principle is a core concept in computer security, ensuring that users have the minimum levels of access — or permissions — needed to carry out their work. Applying the principle of least privilege helps to reduce the potential attack surface by limiting the access rights of users to the bare minimum necessary to complete their jobs, thereby minimizing the chances of a security breach.