Certified in Risk and Information Systems Control (CRISC) — Question 1115
Which of the following is the BEST way to reduce the likelihood of an individual performing a potentially harmful action as the result of unnecessary entitlement?
Answer options
- A. Least privilege
- B. Application monitoring
- C. Separation of duty
- D. Nonrepudiation
Correct answer: A
Explanation
The correct answer is 'Least privilege' because it restricts users' access rights to the minimum necessary to perform their tasks, which removes the unnecessary entitlement itself and so reduces the likelihood of a harmful action. The other options have their own security benefits but do not remove excess access: application monitoring observes activity, separation of duty divides a task among multiple people, and nonrepudiation ensures an action can be attributed to the person who performed it.