Home » Cisco » 300-550 » Which computer security concept is violated when a web server is written that uses the “root” account for all interactions with a Linux system?
Which computer security concept is violated when a web server is written that uses the “root” account for all interactions with a Linux system?
A. RBAC
B. PermitRootLogin
C. certificate-based authentication
D. principle of least privilege
Correct Answer: D
Explanation/Reference:
Explanation:
Least privilege: This principle applies a need-to-know approach to trust relationships between security domains. The idea, which originated in military and intelligence operations, is that if fewer people know about certain information, the risk of unauthorized access is diminished. In network security, this results in restrictive policies, where access to and from a security domain is allowed only for the required users, application, or network traffic. Everything else is denied by default.
