CISSP Exam - Question 61

given answer is correct

The MOST significant benefit of role-based access control (RBAC) is: B. Management of least privilege. RBAC is a widely adopted access control model that provides several benefits, but the management of least privilege is considered its most significant advantage. RBAC ensures that users are assigned only the privileges necessary to perform their specific job functions, known as the principle of least privilege. By implementing RBAC, organizations can minimize the risk of inappropriate access and unauthorized actions. Users are granted access rights based on predefined roles that align with their responsibilities, eliminating unnecessary privileges that could be exploited. This helps to reduce the attack surface and potential impact of security incidents. While RBAC also offers other benefits, such as reducing administrative overhead and providing a structured and scalable access control framework, the management of least privilege is considered the most significant because it directly addresses the principle of granting users the minimal privileges required to perform their tasks effectively and securely. ps. do not forget segregation of duties

Page 684 of OSG 9th edition

Best answer is D, as this question is about benefit of RBAC.

D. management and admin overhead work is reduced by put placing ten thousand users into one group if they all need to have access to a particular object. RBAC is not granular access level, that is where DAC comes into play providing special access to a specific user or group granted by the data owner. D is the correct answer.

B. Management of least privilege The most significant benefit of role-based access control (RBAC) is the management of least privilege. Least privilege is the practice of limiting access to the minimum set of privileges required to perform a specific job or task. In RBAC, users are assigned roles, and roles are assigned the least set of privileges necessary to perform their functions. This approach helps to prevent inappropriate access by ensuring that users are only able to access the resources and perform the actions that they need to do their jobs. Additionally, it makes it easier to manage access control by reducing the need to manage permissions at the individual user level

Should be D because it mentions about the benefit (not an objective) of the RBAC. An objective of the RBAC is to utilize the least privilege principle. And "Think like a manager" also requires us to think about the managerial benefit first which is reducing admin overhead by utilizing abstraction and the principle of least priv. So D

Its B. You are taking a security certification so, while D is a benefit, its not the BEST.

Going with D here, managing least privilege is a subset of admin overhead

Refer to CISSP 9th official guide chapter 14 page 157. RABC helps to implement of the 'least privilege ' policy.

D. This question asks for the most significant benefit or RBAC. I searched a lot and didn't find a single site that listed anything besides D is a benefit. A sounds good but I didn't see it anywhere, so D.

B is the correct answer

I choose D

B. Management of least privilege

D RBAC does not guarantee you give the least privilege. It allows you not to spend too much time doing it. Least priviledge is an objective, but RBAC does not guarantee it !

B. having a role will put the allowed priv already for the user. easier to manage.

You do not authorize someone some permission/role for reducing administration overhead. Least privilege always needs to be considered.