Question 18 - CertNexus ITS-110 Real Exam Questions [Jan 2026 Update]

Q: 18

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

Options

Correct Answer:

Explanation

The principle of least privilege is a foundational security concept that dictates a user or entity should only be granted the minimum permissions necessary to accomplish their required tasks. This is the very essence of implementing granular access control. By restricting access to only what is essential, the potential attack surface is minimized, and the risk of intentional or unintentional abuse of access rights is significantly reduced. This principle ensures that if an account is compromised, the damage is contained to the minimal set of permissions assigned to that account.

Why Incorrect

A. System administrator access: This represents the highest level of privilege, the opposite of a granular or least privilege approach, and carries the greatest risk of abuse.

C. Guest account access: This is a specific, highly restricted user type, not a general principle for implementing granular control across an organization to minimize risk.

D. Discretionary access control (DAC): This is a type of access control model, not the implementation principle itself. DAC can be configured to enforce least privilege, but the principle is the guiding rule.

References

1. National Institute of Standards and Technology (NIST). (2020). Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53

Revision 5). U.S. Department of Commerce. See control AC-6 Least Privilege

Section 2.1

which states

"The principle of least privilege is applied to the privileges assigned to individuals and to the processes acting on behalf of individuals."

2. Saltzer

J. H.

& Schroeder

M. D. (1975). The Protection of Information in Computer Systems. Proceedings of the IEEE

63(9)

1278–1308. https://doi.org/10.1109/PROC.1975.9939. See Section I.A.4

"Principle of Least Privilege

" which defines it as a fundamental design principle for secure systems.

3. MIT OpenCourseWare. (2014). 6.858 Computer Systems Security

Fall 2014. Massachusetts Institute of Technology. See Lecture 2: "Control Hijacking

" Section on "Security Principles

" which identifies "Least Privilege" as a core strategy to limit the capabilities of an attacker.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE