ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam SSCP All Questions

View all questions & answers for the SSCP exam
Go to Exam

Exam SSCP topic 2 question 154 discussion

Actual exam question from ISC's SSCP
Question #: 154
Topic #: 2
[All SSCP Questions]

Which of the following rules is least likely to support the concept of least privilege?

  • A. The number of administrative accounts should be kept to a minimum.
  • B. Administrators should use regular accounts when performing routine operations like reading mail.
  • C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
  • D. Only data to and from critical systems and applications should be allowed through the firewall.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Only data to and from critical systems and applications should be allowed through the firewall is a detractor. Critical systems or applications do not necessarily need to have traffic go through a firewall. Even if they did, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have traffic go through the firewall.
Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this.
Reference(s) used for this question:
National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 9.
by Rongupta at March 19, 2022, 10:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
robviplv
Highly Voted 2 years ago
answer is D, the explanation explains that an admin should use a less privileged act to do ordinary tasks.
upvoted 6 times
...
lfrivas
Most Recent 1 week, 5 days ago
Selected Answer: D
Correct answer: D. Only data to and from critical systems and applications should be allowed through the firewall. This statement relates more to network traffic control and segmentation, not directly to the principle of least privilege, which focuses on ensuring that users and processes have only the minimum permissions necessary to perform their tasks. The other options directly support least privilege by: Limiting administrative accounts (A) Using standard accounts for routine tasks (B) Restricting access to sensitive tools (C) Option D is a valid security measure but falls under network security practices, not privilege management.
upvoted 1 times
...
Stevovo123
7 months ago
Selected Answer: B
The concept of least privilege dictates that individuals, including administrators, should only have the minimum level of access and permissions required to perform their job functions effectively. While administrators typically have elevated privileges to manage and maintain systems, they should still follow the principle of least privilege by using their elevated accounts only when necessary for administrative tasks.
upvoted 1 times
...
Rongupta
2 years, 1 month ago
Selected Answer: B
as per explanation its B
upvoted 1 times
Narobi
5 months, 2 weeks ago
Besides B being very likely to support least privilege per common sense and this explanation, the fact that D is a detractor makes it the least likely you knob
upvoted 2 times
...
...
Rongupta
2 years, 1 month ago
as per explanation its B
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago