CompTIA Security+ Exam Prep

Answer: D - The need-to-know access control is principled on the idea that individuals should be given access only to the information they absolutely require in order to perform their job duties. Management will decide what a user needs to know or what access rights are necessary and the administrator will configure the access control mechanisms. It is important to understand that it is management’s job to determine the security requirements of individuals and how access is authorized. The security administrator configures the security mechanisms to fulfill these requirements, but it is not their job to determine security requirements of users.