Exam CISSP Topic 1 Question 1784 Discussion

Discussion: Implicit Deny is a method of controlling access to data by denying access to ALL data then granting only to what the user needs to do their jobs. The converse being Explicit Deny where you only deny access for users for a smaller set of data and permit access to all other data. (Worst practice) Similar to the term of least privilege where users are only given access to data the must have in order to carry out their job duties, Implicit Deny principle denies by default access to information. More simply put, access to ALL data is denied by default and only necessary access is given to data so they employee can carry out their job duties. This term is common to firewalls or other filtering devices where, unless traffic is specifically permitted it is denied by default to enhance security.
The following answers are incorrect:
-Explicit Deny: Sorry, this is incorrect. Explicit Deny means users are given access to ALL data and only denied to a smaller subset of data. This a dangerous practice for information security.
-Implied Permissions: Sorry, incorrect answer. This isn't a commonly used term in risk reduction methodology.
-Explicit Permit: Sorry, also incorrect. Explicit means users are specifically given access but isn't used normally with the permit rule.
The following reference(s) was used to create this question: 2013. Official Security+ Curriculum.