CompTIA Security Plus Mock Test Q969

A new intern was assigned to the system engineering department, which consists of the system architect and system software developer’s teams. These two teams have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of the following methods should the system administrator implement?

A. Group based privileges
B. Generic account prohibition
C. User access review
D. Credential management

Correct Answer: A
Section: Access Control and Identity Management

Explanation:
You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). By assigning the
intern’s user account to both groups, the intern will inherit the permissions assigned to those groups.

Incorrect Answers:
B: Generic account prohibition is a rule that states no generic, shared, or anonymous accounts should be allowed in private networks or on any system where security is important.
This will not allow the intern to view the system architectural drawings and comment on some software development projects.
C: User access reviews are performed to conclude whether users have been performing their work tasks correctly or if there have been failed and/or successful attempts at violating
company policies or the law. This will not allow the intern to view the system architectural drawings and comment on some software development projects.
D: Credential management is a service or software product that is designed to store and manage user credentials. It allows users to specify longer and more random credentials for
their different accounts without having to remember or writing them down. This will not allow the intern to view the system architectural drawings and comment on some software
development projects.

References:
https://technet.microsoft.com/en-gb/library/cc786285%28v=ws.10%29.aspx
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 291-294