What best describes least privilege?

Prepare for the Trusted Agent Module 2 Exam. Engage with in-depth quizzes featuring flashcards and multiple-choice questions. Each question comes with hints and detailed explanations to enhance your learning. Equip yourself for exam success!

Multiple Choice

What best describes least privilege?

Explanation:
Least privilege means granting users only the rights they need to perform their job, which minimizes what can be accessed or changed and reduces the risk of abuse or mistakes. This approach lowers the attack surface and helps contain damage if credentials are compromised, because limited permissions prevent wide-ranging actions. The best answer states that access should be restricted to what is necessary for the job, aligning privileges with actual duties and enabling better security oversight. The other options miss the mark: giving everyone full access expands risk; removing all privileges cripples essential work; and assigning privileges based on tenure ignores role and need-to-know, which can leave tasks underprotected or grant unnecessary privileges. For example, a payroll clerk should access payroll data but not confidential HR records, while a developer should access only the systems they manage, not the entire production environment.

