(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What security concept applies when a user can add or delete users but not read or modify data in a database?

  1. Defense in depth

  2. Layered defense

  3. Two-person integrity

  4. Least privilege

The correct answer is: Least privilege

The concept of least privilege is relevant in this scenario because it emphasizes granting users the minimum levels of access, or permissions, necessary to perform their job functions. In this case, allowing a user to add or delete users without permitting them to read or modify data means imposing limits on the user's capabilities, thereby adhering to the least privilege principle.

This approach helps to minimize potential security risks by reducing the attack surface. By limiting what a user can do, even if their account is compromised, the potential damage is restricted since they do not have access to sensitive data. It supports the idea that each user should only have as much access as they need to complete their tasks, enhancing overall security within the database environment while also safeguarding the integrity and confidentiality of the data stored.

In contrast, the other concepts refer to broader security strategies or principles not focused specifically on access control per user.