CompTIA Security Plus Mock Test Q967

A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?

A. Time of day restrictions
B. Group based privileges
C. User assigned privileges
D. Domain admin restrictions


Correct Answer: B
Section: Access Control and Identity Management

Explanation:
The question states that the sales department has a high employee turnover. You can assign permissions to access resources either to a user or a group. The most efficient way is to
assign permissions to a group (group based privileges). Then when a new employee starts, you simply add the new user account to the appropriate groups. The user then inherits all
the permissions assigned to the groups.

Incorrect Answers:
A: Time of day restrictions refers to restricting access to resources to certain times of days. For example, in Windows Active Directory, you can configure user accounts to permit
logging in only during office hours. Time of day restrictions is not used to assign user rights to users.
C: You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). If you assign
permissions/privileges directly to a user, you need to assign the permissions/privileges to a new user account every time a new user starts. It’s much simpler to add the new user
account to a group that already has the appropriate permissions/privileges assigned.
D: Domain admin restrictions refer to applying restrictions to the Domain Administrator user account or accounts in the Domain Admins group to increase security. It is not used to
assign permissions or privileges to new sales users.

References:
https://technet.microsoft.com/en-gb/library/cc786285%28v=ws.10%29.aspx