A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?
A. Time of day restrictions
B. Group based privileges
C. User assigned privileges
D. Domain admin restrictions
Answer: B
Explanation: The question states that the sales department has a high employee turnover. You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). Then when a new employee starts, you simply add the new user account to the appropriate groups. The user then inherits all the permissions assigned to the groups.
After a recent internal audit, the security administrator was tasked with ensuring that all credentials are changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).
A. Recovery
B. User assigned privileges
C. Lockout
D. Disablement
E. Group based privileges
F. Password expiration
G. Password complexity
Answer: F,G
Explanation: Password complexity often requires the use of a minimum of three out of four standard character types for a password. The longer a password is and the more character types it mixes, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.
A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?
A. Role-based privileges
B. Credential management
C. User assigned privileges
D. User access
Answer: A
Explanation: In this question, we have engineers who require different tools and applications according to their specialized job function. We can therefore use the Role-Based Access Control model. Role-Based Access Control (RBAC) models approach the problem of access control based on established roles in an organization. RBAC models implement access by job function or by responsibility. Each employee has one or more roles that allow access to specific information. If a person moves from one role to another, the access for the previous role will no longer be available. Instead of thinking “Denise needs to be able to edit files,” RBAC uses the logic “Editors need to be able to edit files” and “Denise is a member of the Editors group.” This model is always good for use in an environment in which there is high employee turnover.
A system administrator needs to ensure that certain departments have more restrictive controls on their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?
A. User assigned privileges
B. Password disablement
C. Multiple account creation
D. Group based privileges
Answer: D
Explanation: Group-based privileges assign privileges or access to a resource to all members of a group. Group-based access control grants every member of the group the same level of access to a specific object.
The IT department has set up a SharePoint site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?
A. Rule based access control
B. Mandatory access control
C. User assigned privilege
D. Discretionary access control
Answer: D
Explanation: Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.