
Understanding a Security+ Q and A

Solved by BudMan



I am studying for the Security+ exam SY0-301 and am having a hard time understanding the following question and answer:


Which of the following is a technical control?
A. System security categorization requirement
B. Baseline configuration development
C. Contingency planning
D. Least privilege implementation
Answer: D


The reason I can't understand why the answer is D is because I've tried to look up terms such as "System security categorization requirement" and "Least privilege implementation" and have gotten nowhere. Obviously I can look up the words by themselves but I'm sure they mean something else as the complete phrases they are. What are "System security categorization requirement" and "Least privilege implementation"?


Thanks in advance for any helpful response/s.


1 answer to this question


System security categorization requirement is just that - is English your second language? You know, like confidential, secret, top secret, your eyes only, etc. Just means that files needed to be in a category, whatever your security categories are: public, private, etc.

As to least privilege - you want to do security, and you are studying for it. And have not come across least privilege?? It's a tenet of security.

As to searching and coming up empty?? First hit points you to FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems"

For least privilege - again first hit http://en.wikipedia.org/wiki/Principle_of_least_privilege
