Which statement best describes IAM misconfigurations and their security impact?

IAM misconfigurations create privilege overreach when permissions are broader than what is actually needed. This breaches the principle of least privilege, so users or services can access more data, systems, or actions than appropriate. That extra access becomes a gateway for misuse, accidental exposure, or compromise if an account is hijacked, leading to breaches of confidentiality, integrity, or availability. The risk isn’t theoretical: broader permissions expand the blast radius, making it easier for an attacker to move laterally or escalate privileges. The idea that these misconfigurations always boost productivity isn’t accurate because while broad access might seem convenient, it increases security risk and can complicate governance and compliance. IAM issues aren’t limited to on-premise environments; they are a major concern in cloud and hybrid setups as well. And since overly permissive access can expose data, these misconfigurations do affect data confidentiality.