Which statement best reflects the principle of least privilege?

Least privilege means giving users only the minimum permissions they need to do their work and regularly reviewing those permissions to keep them aligned with current needs. This approach reduces the risk if an account is compromised and limits the potential for accidental or malicious changes. The statement that describes granting only the minimum rights required for tasks and routinely reviewing access best captures this idea. It directly enforces minimal exposure and ongoing governance, keeping access tightly controlled. The other options miss the mark: granting all permissions increases risk and undermines security; avoiding audit and monitoring removes essential oversight; and while temporarily elevating privileges can be used in some practices, it introduces a window of higher risk and does not embody the ongoing enforcement of minimum access that least privilege requires.