Question 37
Domain 4: Privacy Engineering and Governance
A call center application shows full account histories to every agent because role setup is difficult. Which control most directly reduces exposure?
Correct answer: B
Explanation
Role-based access with least privilege limits each agent to only the data needed for their job, which directly reduces unnecessary exposure of account histories. Step-up access for exceptions adds extra authorization only when broader access is needed, aligning with the principle of least privilege.
Why each option is right or wrong
A. Use one shared password for all agents
A shared password removes individual accountability and does nothing to narrow what any agent can see: every agent still reaches the full account history, and the single credential becomes one point of compromise for the whole team.
B. Implement role-based access with least privilege and step-up access for exceptions
Under the principle of least privilege, access should be limited to the minimum necessary for the user’s job function, and broader access should require explicit authorization. In a call-center environment, exposing full account histories to every agent creates unnecessary disclosure risk; implementing role-based access control with exception-based step-up approval directly reduces that exposure by restricting routine access and forcing additional authorization only when elevated access is needed.
C. Install more antivirus software
Antivirus addresses malware on endpoints. It does not change an authorization design that grants every agent more customer data than the job requires, so the exposure remains.
D. Reboot the application weekly
Rebooting has no effect on who is authorized to view which records; the over-broad access is back as soon as the application restarts.
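The control in option B, as an added worked example (not code from the exam or from any vendor): a role-to-fields policy table applies least privilege to the account record, and a scoped, time-bound step-up grant approved by someone other than the requester unlocks extra fields for one agent on one account. The record, the roles, the field names and the "approver must differ from requester" rule are all assumptions made for illustration.

```python
"""Least-privilege view of a call-center account record, with step-up for exceptions.

Example written for this page; roles, field names and the policy table are assumed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample record: the "full account history" the application currently
# shows to every agent.
ACCOUNT_RECORD = {
    "account_id": "ACC-1001",
    "customer_name": "J. Doe",
    "open_balance": 120.50,
    "recent_transactions": [("2024-05-01", -19.99), ("2024-05-03", -42.10)],
    "full_transaction_history": [("2019-01-15", -9.99), ("2021-08-20", -300.00)],
    "card_last4": "1234",
    "collections_notes": "Payment plan agreed 2023-11.",
}

# Assumed policy table: the minimum fields each job function needs.
# A role that is not listed gets nothing (default deny).
ROLE_FIELDS = {
    "tier1_agent": frozenset({"account_id", "customer_name", "open_balance",
                              "recent_transactions"}),
    "billing_agent": frozenset({"account_id", "customer_name", "open_balance",
                                "recent_transactions", "full_transaction_history"}),
    "fraud_analyst": frozenset(ACCOUNT_RECORD),  # every field, by job design
}

# Fixed clock for the worked scenario so results are reproducible.
T0 = datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc)

AUDIT_LOG: list = []


class AccessDenied(Exception):
    pass


@dataclass(frozen=True)
class StepUpGrant:
    """A scoped exception: extra fields for one agent, on one account, until expiry."""
    agent_id: str
    account_id: str
    fields: frozenset
    approved_by: str
    expires_at: datetime


def request_step_up(agent_id, account_id, fields, approved_by, now,
                    ttl=timedelta(minutes=15)):
    """Issue a step-up grant. Assumed rule: the approver must not be the requester."""
    if approved_by == agent_id:
        raise AccessDenied("step-up must be approved by someone other than the requester")
    grant = StepUpGrant(agent_id, account_id, frozenset(fields), approved_by, now + ttl)
    AUDIT_LOG.append(("step_up_granted", agent_id, account_id, sorted(fields), approved_by))
    return grant


def view_account(agent_id, role, record, now, grant=None):
    """Return only the fields the role permits, plus fields from a valid step-up grant."""
    allowed = set(ROLE_FIELDS.get(role, frozenset()))
    if grant is not None:
        # Honour a grant only for the agent and account it names, and only before expiry.
        if grant.agent_id != agent_id or grant.account_id != record["account_id"]:
            raise AccessDenied("step-up grant does not match this agent and account")
        if grant.expires_at <= now:
            raise AccessDenied("step-up grant has expired")
        allowed |= grant.fields
    shown = [k for k in record if k in allowed]
    AUDIT_LOG.append(("account_viewed", agent_id, role, record["account_id"], shown))
    return {k: record[k] for k in shown}


def denied(fn, *args, **kwargs):
    """True if the call is refused with AccessDenied; used to check the deny paths."""
    try:
        fn(*args, **kwargs)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    print("tier1 sees:", sorted(view_account("a1", "tier1_agent", ACCOUNT_RECORD, T0)))
    g = request_step_up("a1", "ACC-1001", {"full_transaction_history"}, "supervisor-7", T0)
    print("with step-up:", sorted(view_account("a1", "tier1_agent", ACCOUNT_RECORD, T0, g)))
    print("expired grant denied:", denied(view_account, "a1", "tier1_agent",
                                          ACCOUNT_RECORD, g.expires_at, g))
```

The point of the structure is that routine access is decided by the role table alone, while every widening of that view leaves a second-party approval and an audit entry behind it; the grant is bound to a single agent and account so it cannot be reused elsewhere, and it expires on its own.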