When a security audit is performed at a company, the auditor reports that new users have access to network resources beyond their normal job roles. Additionally, users who move to different positions retain their prior permissions. What kind of violation is occurring?
- network policy
- least privilege
Explanation: Users should have access to information on a need to know basis. When a user moves from job role to job role, the same concept applies.
Exam with this question: IT Essentials (ITE v7) Practice Final Chapters 10-14 Exam Answers
Exam with this question: Modules 18 – 20: Network Defense Group Exam
Exam with this question: Network Defense – 3.5.2 Module 3: Access Control Quiz