A large enterprise is deploying a new cloud-based IAM system. The security architect is reviewing the configuration options and notices that user accounts are initially created with full access to all system resources. What action should the security architect recommend to best implement the principle of secure defaults?
Leave the default configuration and train administrators to remove unnecessary permissions after account creation
Configure the system to create user accounts with no access by default and grant permissions based on job requirements
Implement role-based templates that grant moderate access to all users and additional permissions for privileged users
Deploy enhanced logging and monitoring to track user activities after accounts are created with full access
The principle of secure defaults requires that systems be deployed with the most secure configuration possible by default, without requiring user intervention. When implementing secure defaults for user accounts, the proper approach is to configure the system with no access by default and then grant permissions as needed based on job requirements. This follows the principle that security should be built into systems from the beginning and users should only have access to what they need to perform their job functions. Starting with no permissions and adding them as needed is more secure than starting with full permissions and trying to remove unnecessary ones, because the deny-by-default approach reduces the risk of overlooking permissions that should be removed.
The other options either contradict secure defaults (option B), implement inadequate security measures (option C), or focus on monitoring rather than preventing unauthorized access (option D). In this context, IAM refers to Identity and Access Management systems, which are central to controlling user permissions and access rights.
ISC2 CISSP
Security Architecture and Engineering