CompTIA Security Plus Mock Test Q979

A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?

A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator.
B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll.
C. Create two additional generic accounts, one for payroll and one for sales that users utilize.
D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.


Correct Answer: D
Section: Access Control and Identity Management

Explanation:
Assigning permissions to a group requires less effort than assigning permissions to individual users. When you have groups configured with the appropriate permissions, you can grant
the permissions to individual users by adding the users to the groups. Users can be members of multiple groups and therefore have multiple sets of permissions assigned to them. In
this answer, user 3 is a member of both groups which grants the user permission to both Sales and Payroll.

Incorrect Answers:
A: Assign individual permissions to individual users requires a lot more administrative effort than assigning permissions to groups and adding the users to the groups. Therefore, this
answer is incorrect.
B: The question states that you must enforce least privilege. Granting the users administrator access gives them full access to everything. They could even remove the restrictions that
this answer suggests using. Therefore, this answer is incorrect.
C: Employees should not share user accounts. You should grant the appropriate permissions to the users’ user accounts (by way of group membership); not create additional accounts
for multiple users to use. Therefore, this answer is incorrect.