Authorization creep is to access controls what scope creep is to software development. Which of the following is not true of aut

admin2013-12-19 79

问题 Authorization creep is to access controls what scope creep is to software development. Which of the following is not true of authorization creep?

选项 A、Users have a tendency to request additional permissions without asking for others to be taken away.
B、It is a violation of "least privilege."
C、It enforces the "need-to-know" concept.
D、It commonly occurs when users transfer to other departments or change positions.

答案C

解析 C正确。“知其所需”(need-to-know)原则基于的理念为：用户只应该授予为完成其工作职责所需要的资源的访问权限。如果没有明确地说明允许访问，那么应该就是禁止访问。与其把访问权给予所有人，然后再基于“知其所需”把特权剥夺，不如开始什么也不给，然后在“知其所需”的基础上增加特权。授权蔓延与这个概念相反，它是指访问权限随着时间的推移逐渐累积，尤其指对用户不需要知道的数据。
A不正确。因为本选项正确地描述了授权蔓延的原因，而问题问的是哪一项描述不正确。授权蔓延的出现往往是由于用户总是要求获得额外的访问权限而又不允许剥夺其他的访问权限。最后导致用户拥有比他实际所需多得多的访问权限。这种做法会带来严重的风险，因为太多用户对公司资产拥有太多的访问特权。
B不正确。因为授权蔓延违背了“最小特权”原则，而这个问题问的是哪一项描述不正确。最小特权原则规定用户应该只授予其完成工作任务所需的最小特权。对用户账户执行最小特权的原则应该是一个持续进行的工作，即每个用户的访问权限都应该进行审核，从而确保公司不会置身风险之中。
D不正确。因为这一项正确描述了授权蔓延的原因，而这个问题问的是哪一项不正确。当用户调至其他部门或更换了职位，他们往往会被分配更多的访问权限——远远多于他们完成工作所需的权限。这些权限通常是在他们原来的权限的基础上增加的，这样使得它们对资源的访问权太大会过于危险。

转载请注明原文地址:https://www.kaotiyun.com/show/jNhZ777K

CISSP认证

相关试题推荐

随机试题

最新回复(0)

Authorization creep is to access controls what scope creep is to software development. Which of the following is not true of aut

CISSP认证

TheTreasurycouldpocket20millionayearinextrafinesoncethecountry’sspeedcameranetworkisexpanded.Motoringorgani

Thetranslatormusthaveanexcellent,up-to-dateknowledgeofhis【C1】______languages,fullfacilityinthehandlingofhistarg

About3billionpeoplelivewithin100milesofthesea,anumberthatcoulddoubleinthenextdecadeashumansflocktocoasta

[A]Thefirststepinpreparingamarketingplanisthatofproducingtheinformationnecessaryfordecision-making.Usually,a

Menandwomendothinkdifferently,atleastwheretheanatomyofthebrainisconcerned,accordingtoanewstudy.Thebrainis

WhenGeorgeStephensonbuiltarailwayfromLiverpooltoManchesterinthe1820s,itcost45%morethanbudgetandwassubjectt

[A]Developmentwelcomedbycityplanners[B]Reduceddemandsonspaceandenergy[C]Plansforfuturehomes[D]Worldwideexamp

Writealettertothemanagerofthehotelinwhichyouhavestayed,makingacomplaintaboutitsserviceduringyourstay.Y

Youarethepresidentofacompany.WriteamemotoSallyCooper,theHRmanagerontheemployeestrainingoncomputerto,1

Sevenyearsago,agroupoffemalescientistsattheMassachusettsInstituteofTechnologyproducedapieceofresearchshowing

生产劳动的经验被排斥在学校大门之外的现象发生在()。

靠风传播花粉和种籽的植物是______。

泪膜构成有

财务分析的基本方法不包括()。

()是指旅游者的言行侵犯了一个主权国家的法律和世界公认的国际准则的行为。

Readthefollowingpassagesandanswerquestions9-18.1.ThePalaceMuseum,knownastheForbiddenCity,wastheimperialpalac

AttheKyotoconferenceonglobalwarminginDecember1997,itbecameabundantlyclearhowcomplexithasbecometoworkoutint

A.whileB.darkC.devisedD.whereasE.specificF.agreeableG.regularH.stimu

IfI_______inyourposition,Iwouldn’tacceptthisjoboffer.