What is the principle of least privilege?

Correct answer: Users should have minimum access necessary to perform their job functions

Option C is correct because the principle of least privilege dictates that every user, process, or system should be granted only the minimum permissions necessary to perform their legitimate job functions, reducing the attack surface and limiting the potential damage from compromised accounts or insider threats. Option A is incorrect because granting all users administrator access directly violates least privilege and creates enormous security exposure, since any compromise of a user account would grant full system control. Option B is incorrect because even high-level executives should be subject to least privilege; their business role does not require complete system access, and broad permissions increase the risk of accidental or malicious misuse. Option D is incorrect because privileges should evolve with job roles and be revoked when no longer needed; static, unchanging privileges can accumulate over time into excessive access, a problem sometimes called privilege creep.