netsurfer802 Posted July 13, 2013 Share Posted July 13, 2013 I am studying for the Security+ exam SY0-301 and am having a hard time understanding the following question and answer: Which of the following is a technical control?A. System security categorization requirementB. Baseline configuration developmentC. Contingency planningD. Least privilege implementationAnswer: D The reason I can't understand why the answer is D is because I've tried to look up terms such as "System security categorization requirement" and "Least privilege implementation" and have gotten no where. Obviously I can look up the words by themselves but I'm sure they mean something else as the complete phrases they are. What is"System security categorization requirement" and "Least privilege implementation"? Thanks in advanced for any helpful response/s. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted July 14, 2013 MVC Share Posted July 14, 2013 System security categorization requirement is just that - is english your second language? You know like confidential, secret, top secret, your eyes only, etc. Just means that files needed to be in a category whatever your security categories are, public, private, etc. As to least privilege - you want to do security, and you are studying for it. And have not come across least privilege?? Its a tenet of security. As to searching any coming up empty?? First hit points you to FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems" For least privilege - again first hit http://en.wikipedia.org/wiki/Principle_of_least_privilege goretsky 1 Share Link to comment Share on other sites More sharing options...
Recommended Posts