To answer this question, you need to understand the concept of access control and the principle of least privilege.
Option A) Discretionary access control - This option is incorrect because discretionary access control refers to a security model where users have control over their own resources and can grant or restrict access to those resources. It does not specifically address the principle of granting access to only necessary resources.
Option B) Separation of duties - This option is incorrect because separation of duties refers to the practice of dividing responsibilities among multiple users to prevent fraud or errors. While it can help with access control, it does not specifically address granting access to only necessary resources.
Option C) Least privilege - This option is correct because the principle of least privilege states that a user or process should only be granted access to the resources necessary to perform their assigned functions. By adhering to this principle, organizations can minimize the potential damage caused by unauthorized access or misuse of resources.
Option D) Rotation of duties - This option is incorrect because rotation of duties refers to the practice of periodically changing job assignments to prevent fraud or errors. It is not directly related to granting access to only necessary resources.
The correct answer is C) Least privilege. This option is correct because it aligns with the principle of granting access to only those resources necessary to perform assigned functions.