Exam CISSP All Questions
Question 9

Which of the following statements BEST describes least privilege principle in a cloud environment?

    Correct Answer: D

    The least privilege principle in a cloud environment means granting users and systems only the minimum access or permissions necessary to perform their tasks. This reduces the risk of unauthorized access and limits the impact of a potential breach. Keeping network segments private when they do not need internet access is a practice that aligns with this principle: a segment that is never exposed to the internet presents no internet-facing attack surface, so unnecessary exposure is minimized, consistent with the least privilege concept.
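The answer explanation applies least privilege to two kinds of subject: identities (an admin handed every core role) and network segments (a segment given an internet route it does not need). The script below is an added example written for this page, not part of the exam question, the answer key or any poster's comment. It audits a small constructed cloud configuration for both cases: every grant a principal holds must be required by one of its declared tasks, and a segment may carry an internet route only if at least one workload in it is declared to need internet access. All names, permission strings and the task-to-permission mapping are constructed for illustration and do not correspond to any specific cloud provider.

```python
"""Least-privilege audit over a constructed cloud configuration.

Added example for this page; not the exam's or any vendor's code.
Check 1 (identity): a principal's grants must each be needed by one of
its tasks, and wildcard grants are flagged even when they cover a need.
Check 2 (network): an internet route is only justified if some workload
in the segment actually needs internet access.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Hypothetical mapping of task -> permissions that task genuinely needs.
TASK_PERMISSIONS: Dict[str, Set[str]] = {
    "rotate-keys": {"kms:RotateKey", "kms:DescribeKey"},
    "read-billing": {"billing:ViewInvoices"},
    "deploy-app": {"compute:CreateInstance", "compute:UpdateInstance"},
}

# Hypothetical "core" roles an admin might be handed wholesale (option A).
CORE_ROLES: Set[str] = {"iam:*", "kms:*", "compute:*", "billing:*", "network:*"}


@dataclass
class Principal:
    name: str
    tasks: Set[str]      # what this identity actually has to do
    granted: Set[str]    # what it has been given


@dataclass
class Segment:
    name: str
    internet_route: bool
    workloads: List[Tuple[str, bool]]   # (workload name, needs_internet)


def permission_matches(granted: str, needed: str) -> bool:
    """'kms:*' covers 'kms:RotateKey'; '*' covers everything; else exact."""
    if granted == needed or granted == "*":
        return True
    if granted.endswith(":*"):
        return needed.split(":", 1)[0] == granted[:-2]
    return False


def required_for(tasks: Set[str]) -> Set[str]:
    """Union of the permissions the declared tasks need."""
    return set().union(*(TASK_PERMISSIONS[t] for t in tasks))


def audit_principal(p: Principal) -> List[str]:
    """Flag grants no task requires and wildcards that exceed the need."""
    needed = required_for(p.tasks)
    findings = []
    for g in sorted(p.granted):
        covers = {n for n in needed if permission_matches(g, n)}
        if not covers:
            findings.append(f"{p.name}: grant '{g}' is required by no task")
        elif g.endswith("*"):
            findings.append(f"{p.name}: wildcard '{g}' exceeds needed {sorted(covers)}")
    return findings


def audit_segment(s: Segment) -> List[str]:
    """Flag an internet route that no workload in the segment needs."""
    if s.internet_route and not any(need for _, need in s.workloads):
        return [f"{s.name}: internet route present but no workload needs internet"]
    return []


def audit(principals: List[Principal], segments: List[Segment]) -> List[str]:
    findings: List[str] = []
    for p in principals:
        findings.extend(audit_principal(p))
    for s in segments:
        findings.extend(audit_segment(s))
    return findings


# Constructed sample configuration (not from any real environment).
PRINCIPALS = [
    Principal("cloud-admin", {"rotate-keys", "read-billing"}, set(CORE_ROLES)),
    Principal("key-operator", {"rotate-keys"}, {"kms:RotateKey", "kms:DescribeKey"}),
]
SEGMENTS = [
    Segment("db-private", internet_route=False, workloads=[("postgres", False)]),
    Segment("batch-public", internet_route=True, workloads=[("etl", False)]),
    Segment("web-public", internet_route=True, workloads=[("frontend", True)]),
]


def run_sample() -> List[str]:
    return audit(PRINCIPALS, SEGMENTS)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

Run as-is, the audit reports five findings for `cloud-admin` (three roles no task needs, two wildcards broader than the need), none for `key-operator`, one for `batch-public` (an internet route with no workload that needs it), and none for the two segments whose exposure matches their workloads. The same rule is applied to an identity and to a network segment, which is the point the answer explanation makes about option D.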

Discussion
YesPlease (Option: D)

Answer D: Why, glad you asked.... Least privilege extends beyond human access. The model can be applied to applications, systems or connected devices that require privileges or permissions to perform a required task. So internet access is being limited until it is needed to perform a specific task. A) is incorrect because they are giving 1 admin all the core roles when they may not need all of them to do their job. Of course the argument can be made that they are the only admin and will need all core admin rights, but that is not the same as limiting access for a particular system or person to only have the rights they need to do their job.

ochijindu0201_ (Option: D)

The correct answer is D. "Network segments remain private if unneeded to access the internet." The least privilege principle in a cloud environment advocates for providing users and systems with the minimum level of access or permissions necessary to perform their tasks or functions. By restricting access to only what is essential, the risk of unauthorized access or potential security breaches is minimized. Option D reflects the least privilege principle by emphasizing that network segments should remain private unless there is a specific need for them to access the internet. This approach helps limit exposure and potential attack vectors, aligning with the concept of least privilege.

InclusiveSTEAM (Option: D)

Option D is the best answer because it best describes the principle of least privilege in a cloud environment. The least privilege principle states that users should only be given the minimum permissions necessary to perform their duties. Option D reflects this by suggesting network segments remain private and isolated if they don't need internet access. This restricts exposure and limits access to only what is required. Option A is incorrect because having a single admin with full core access violates least privilege. Option B is unrelated to least privilege and describes firewall inspection. Option C refers to network routing, not permissions.

BLADESWIFTKNIFE (Option: A)

A is correct because the user is doing core functions and D is wrong because you need to ask for higher privileges to access other networks.

MShaaban (Option: D)

This is a tricky question. Consider that granting access to the internet is a privilege. And considering that a network zone in the cloud can host users, applications and services, we can tell that all of those entities have the least privilege by remaining in the private zone unless required. So, D is possible. However, if we hold that the Principle of Least Privilege only applies to users, then it is A. But I am leaning toward D.

Kyanka (Option: A)

Answer: A. I think what they're trying to refer to is how you create one admin account in cloud environments to do the "core" management and then everything else is delegated to other roles. CISSP tries to be vendor agnostic, but it looks like they're describing the MS Azure practice of creating one global admin (or as few as possible) to do certain functions.

Soleandheel (Option: A)

The correct answer is A. The reason option D is not the BEST answer in the context of least privilege is that it specifically refers to network segments and their connectivity to the internet. While it is a valid security practice, the least privilege principle is more commonly associated with user and system access permissions rather than network segmentation.

dyndevil (Option: A)

Answer is A, despite not being very specific and not accurate. From the Official Study Guide: "The principle of least privilege states that users should be granted the minimum amount of access necessary for them to complete their required work tasks or job responsibilities." It talks about what a "user" can/cannot do and not what a network segment or a machine can/cannot do.

iamlamzzy (Option: A)

Privilege has to do with access. So, the correct answer is A. Access could've been granted to all the administrators, but the key word here is "single".

icebw22 (Option: D)

Answer D. Least privilege principle: provide a user/resource just enough privilege to perform its role/duty.

evilCorpBot7494 (Option: D)

Correct answer is D. A doesn't describe least privilege: if you needed to have two cloud administrators access core functions, you would have to give them to the second one, and that doesn't relate to least privilege at all. That may be more related to segregation of functions, if you decide you only need one cloud administrator for that, or if you see that having two admins and dividing their core function access would be most secure. D, on the other hand, is related to least privilege through segregation of the network, ensuring users in an environment don't access other environments they don't need for their work functions.

homeysl (Option: D)

Preventing unnecessary access is D. A is a violation of PoLP and is a SPOF.

SKainth (Option: A)

Least Privilege is basically based on user roles and privileges. B, C and D are security practices.

Hackermayne (Option: D)

I say D. A is close, but I don't know if a single admin account that controls the core is the right way to go. You'd likely need one as a (not truly) global admin, another as a "break glass" account that no one uses and has a FIDO key in a safe or something somewhere, and the rest of the admins would be granted permissions under those.

busariakeem92

Good day friends, I'm currently preparing for the CISSP exam and I need your support. Could anyone please send me the PDF of the question bank and any other resources that will help me pass this exam? You can send it to my email [email protected]. Thank you.

hungnq (Option: A)

Answer is A.

Bach1968 (Option: D)

When you say A is the answer, you are implying that one entity would manage the full cloud, so the breach here is that the admin can change access control. However, when you are on a private subnet (D) with your own admin, then you are in a somewhat safe environment. Nevertheless, I do not like the cloud, as it is a supplier lock-in mechanism; I prefer on-premises infrastructure, be it virtualization on a service or on systems.