Threats, Vulnerabilities, and Mitigations · SY0-701 · Task 2.4

Privilege escalation — SY0-701

CompTIA Security+ SY0-701 reference page on privilege escalation: definition, mental model, exam traps, and related concepts grounded in NIST sources.

WHAT IT IS

A privilege is "a right granted to an individual, a program, or a process" (CNSSI 4009-2015, via NIST Glossary). Privilege escalation is the act of gaining privileges beyond those that were originally authorized — that is, obtaining access rights or permissions that exceed what was granted to the subject.

The MITRE ATT&CK framework describes this tactic as adversaries trying "to gain higher-level permissions on a system or network," using techniques to obtain access beyond the level established at initial entry.

Mental model

Think of an office building where every employee badge unlocks only certain floors. Privilege escalation is the moment someone exploits a flaw — in the badge reader, the building's rules, or another person's badge — to reach a floor they were never authorized to enter.

The key insight: the attacker's credentials or identity may be entirely valid; what changes is the scope of what those credentials can do. The escalation is the gap between authorized behavior and actual behavior.

When to use it

Candidates sometimes conflate privilege escalation with adjacent concepts. The clearest way to distinguish them:

| Concept | Core question | What changes |
|---|---|---|
| Privilege escalation | Did the subject gain rights beyond what was authorized? | The scope of authorization a subject can exercise |
| Unauthorized access | Did an unauthenticated or wrong subject gain entry? | Whether the subject should have any access at all |
| Lateral movement | Did the subject move to a different system or account at the same privilege level? | The target system or account, not necessarily the privilege level |

The authorization definitions from NIST are the anchor here: authorization is "access privileges granted to a user, program, or process" (CNSSI 4009-2015, via NIST Glossary). Escalation specifically means those privileges expand beyond the grant.

COMMON MISCONCEPTION

The trap: equating privilege escalation with getting administrator or root access specifically.

Privilege escalation is defined by the relationship between what was granted and what was obtained — not by a fixed endpoint. A low-privileged user moving to a slightly higher (but still non-admin) role has escalated privileges. A process gaining rights beyond its authorized behavior has escalated privileges, even if it never reaches the highest system level.

NIST defines a privilege as "a right granted to an individual, a program, or a process" (CNSSI 4009-2015). The escalation is the unauthorized expansion of that right — the endpoint (admin, root, or otherwise) is a consequence, not the defining characteristic.

A related misconception is that privilege escalation always involves exploiting a software vulnerability. NIST defines a vulnerability as a "weakness in an information system, system security procedures, internal controls, or implementation that could be exploited" (NIST SP 800-30 Rev. 1). Escalation can occur through misconfigured access controls, weak procedures, or social engineering — not only through software flaws.

How it shows up on the exam

The cognitive target here is analysis: given a described scenario, identify whether the activity constitutes privilege escalation versus an adjacent concept (unauthorized access, lateral movement, or misuse of legitimately held privileges).

Candidates often confuse the following:

  • A scenario where a legitimate user's account is used to reach a higher-privilege resource may be escalation — or it may be a misconfiguration that permitted access that was, technically, "authorized" by a flawed policy. The distinction turns on whether the resulting access exceeded what the authorization grant intended.
  • "An attempt to gain unauthorized access to system services, resources, or information" (NIST SP 800-82r3) describes the general category of attack — privilege escalation is a specific mechanism for achieving that result from a position that already has some foothold.

Signal phrases in scenario stems that point toward privilege escalation:

  • A user or process "gained access to resources beyond their assigned role"
  • "Exploited a flaw to run code with elevated rights"
  • A subject "modified their own access token" or "assumed another process's identity"

The principle of least privilege — "each entity is granted the minimum system resources and authorizations that the entity needs to perform its function" (NIST SP 800-53 Rev. 5) — is the defensive control most directly referenced in questions about privilege escalation mitigations.
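The comparison behind the misconception section, the "authorized by a flawed policy" bullet, and least privilege can be run as a set difference over three things: what the function needs, what the policy grants, and what was exercised. This is an added example, not part of the original page; the `Subject` model, the right names, and the sample records are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    name: str
    required: frozenset   # rights the function needs (what the grant intended)
    granted: frozenset    # rights the policy actually assigns
    exercised: frozenset  # rights observed in audit records

def analyze(s):
    """Compare intended, granted and exercised rights for one subject."""
    # Rights used that no policy ever granted.
    beyond_grant = s.exercised - s.granted
    # Rights the policy allowed but the function never needed, and that were used:
    # "authorized" by a flawed policy, yet beyond what the grant intended.
    via_flawed_policy = (s.exercised & s.granted) - s.required
    # Excess rights granted but not yet used: a least-privilege gap, not an incident.
    least_privilege_gap = (s.granted - s.required) - s.exercised
    return {
        # Escalation is decided by the gap, not by whether admin or root was reached.
        "escalation": bool(beyond_grant or via_flawed_policy),
        "beyond_grant": sorted(beyond_grant),
        "via_flawed_policy": sorted(via_flawed_policy),
        "least_privilege_gap": sorted(least_privilege_gap),
    }

def report(subjects):
    """Return {subject name: analysis} for a list of subjects."""
    return {s.name: analyze(s) for s in subjects}

# Constructed sample data (hypothetical subjects and right names).
SAMPLE = [
    # Non-admin user who exercised a right outside the assigned role.
    Subject("helpdesk-user", frozenset({"ticket:read", "ticket:write"}),
            frozenset({"ticket:read", "ticket:write"}),
            frozenset({"ticket:read", "ticket:write", "user:reset-password"})),
    # Process that used a right a misconfigured policy handed out.
    Subject("report-svc", frozenset({"db:read"}),
            frozenset({"db:read", "db:write"}),
            frozenset({"db:read", "db:write"})),
    # Over-provisioned account that stayed within its function.
    Subject("auditor", frozenset({"log:read"}),
            frozenset({"log:read", "log:export"}),
            frozenset({"log:read"})),
]

if __name__ == "__main__":
    for name, result in report(SAMPLE).items():
        print(name, result)
```

Neither flagged subject reaches an administrator level, and the auditor account shows an excess grant that least-privilege review would remove before it is ever exercised.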

Sources

Every claim on this page traces to the public exam blueprint and official documentation:
