CompTIA Security Plus Mock Test Q988

Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions:
Ann: read/write
Sales Group: read
IT Group: no access
If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Joe?

A. Add Joe to the Sales group.
B. Have the system administrator give Joe full access to the file.
C. Give Joe the appropriate access to the file directly.
D. Remove Joe from the IT group and add him to the Sales group.


Correct Answer: C
Section: Access Control and Identity Management

Explanation:
Joe needs access to only one file. He also needs to ‘edit’ that file. Editing a file requires Read and Write access to the file. The best way to provide Joe with the minimum required
permissions to edit the file would be to give Joe the appropriate access to the file directly.

Incorrect Answers:
A: The Sales group only has read access to the file. Joe needs Read and Write access to the file. Adding Joe to the Sales group will not provide him with the required access to the
file. Therefore, this answer is incorrect.
B: Joe needs Read and Write access to the file; he does not need full access to the file. It is best practice from a security perspective to provide the minimum permissions required.
Therefore, this answer is incorrect.
D: Something to watch out for with these questions: ‘No access’ means the group has not been granted ‘or denied’ access to the file. “Access Denied” is different. It means access has
been explicitly denied. Access Denied would override all other access granted permissions.
The Sales group only has read access to the file. Joe needs Read and Write access to the file. Adding Joe to the Sales group will not provide him with the required access to the file.
Therefore, this answer is incorrect.