What must documented approvals specify for privileged access?

• A. All of the above
• B. That the required privileges exist for the assigned privileges
• C. That the approval was by authorized parties
• D. That the specified privileges match the roles assigned to the individual

Answer: (A)

Privileged access controls rely on approvals that are complete and auditable. The documented approval must clearly show three things: first, that the requested privileges actually exist for the user’s assigned rights, so you’re not granting non-existent or inappropriate capabilities; second, that the approval came from authorized parties, ensuring accountability and proper governance; and third, that the specified privileges align with the user’s role, supporting role-based access and the principle of least privilege. When all three elements are included, the approval provides a precise, accountable, and role-consistent record for privileged access. That’s why all of these elements together are required.