
Understanding a Security+ Q and A


Solved by BudMan

Question

netsurfer802

I am studying for the Security+ exam SY0-301 and am having a hard time understanding the following question and answer:

 

Which of the following is a technical control?
A. System security categorization requirement
B. Baseline configuration development
C. Contingency planning
D. Least privilege implementation
Answer: D

 

The reason I can't understand why the answer is D is because I've tried to look up terms such as "System security categorization requirement" and "Least privilege implementation" and have gotten nowhere. Obviously I can look up the words by themselves, but I'm sure they mean something else as the complete phrases they are. What are "System security categorization requirement" and "Least privilege implementation"?

 

Thanks in advance for any helpful response/s.


1 answer to this question

+BudMan

System security categorization requirement is just that - is English your second language? You know, like confidential, secret, top secret, your eyes only, etc. It just means that files need to be in a category, whatever your security categories are: public, private, etc.

As to least privilege - you want to do security, and you are studying for it. And have not come across least privilege?? It's a tenet of security.

As to searching and coming up empty?? First hit points you to FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems"

For least privilege - again first hit http://en.wikipedia.org/wiki/Principle_of_least_privilege
