Access Control and Least Privilege Questions

Technical and governance knowledge of access control models and the principle of least privilege. Topics include role based access control and attribute based access control, privileged account management, periodic access reviews and attestation, auditing and logging of access to personal data, separation of duties, ephemeral credentialing, and engineering controls to enforce fine grained authorization. Candidates should describe how to balance operational needs with strong access governance and how access practices support incident response and auditability.