Ann has read and write access to an employee database, while Joe has only read access. Ann is leaving for a conference. Which of the following types of authorization could be utilized to trigger write access for Joe when Ann is absent?
A. Mandatory access control
B. Role-based access control
C. Discretionary access control
D. Rule-based access control
An audit has revealed that database administrators are also responsible for auditing database changes and backup logs. Which of the following access control methodologies would BEST mitigate this concern?
A. Time of day restrictions
B. Principle of least privilege
C. Role-based access control
D. Separation of duties
An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide users with the ability to determine what permissions should be applied to files, documents, and directories. The access control method that BEST satisfies these objectives is:
A. Rule-based access control
B. Role-based access control
C. Mandatory access control
D. Discretionary access control
Joe is a helpdesk specialist. During a routine audit, a company discovered that his credentials were used while he was on vacation. The investigation further confirmed that Joe still has his badge and it was last used to exit the facility. Which of the following access control methods is MOST appropriate for preventing such occurrences in the future?
A. Access control where the credentials cannot be used except when the associated badge is in the facility
B. Access control where system administrators may limit which users can access their systems
C. Access control where an employee’s access permissions are based on the job title
D. Access control system where badges are only issued to cleared personnel
A security administrator is designing an access control system, with an unlimited budget, to allow authenticated users access to network resources. Given that a multifactor authentication solution is more secure, which of the following is the BEST combination of factors?
A. Retina scanner, thumbprint scanner, and password
B. Username and password combo, voice recognition scanner, and retina scanner
C. Password, retina scanner, and proximity reader
D. One-time password pad, palm-print scanner, and proximity photo badges
A file on a Linux server has default permissions of rw-rw-r--. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?
A. User ownership information for the file in question
B. Directory permissions on the parent directory of the file in question
C. Group memberships for the group owner of the file in question
D. The file system access control list (FACL) for the file in question
Correct Answer: C
Section: Access Control and Identity Management
The file permissions according to the file system access control list (FACL) are rw-rw-r--.
The first 'rw-' are the file owner permissions (read and write).
The second 'rw-' are the group permissions (read and write) for the group that has been assigned the file.
The third 'r--' is the All Users permissions; in this case read only.
To enable Ann to access the file, we should add Ann to the group that has been assigned to the file.
A: You should not modify the ownership of the file to give another user access to the file. Therefore, this answer is incorrect.
B: Ann only needs to access the file, not the entire directory, so you should not modify the permissions of the directory. Therefore, this answer is incorrect.
C: You should not modify Group memberships for the group owner of the file to give another user access to the file. Therefore, this answer is incorrect.
A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?
A. Role-based privileges
B. Credential management
C. User assigned privileges
D. User access
Correct Answer: A
Section: Access Control and Identity Management
In this question, we have engineers who require different tools and applications according to their specialized job function. We can therefore use the Role-Based Access Control
Role-Based Access Control (RBAC) models approach the problem of access control based on established roles in an organization. RBAC models implement access by job function or by responsibility. Each employee has one or more roles that allow access to specific information. If a person moves from one role to another, the access for the previous role will no longer be available.
Instead of thinking “Denise needs to be able to edit files,” RBAC uses the logic “Editors need to be able to edit files” and “Denise is a member of the Editors group.” This model is always good for use in an environment in which there is high employee turnover.
B: Credential management is the management or storage of usernames and passwords. Credential management is not used to assign privileges or software configurations. Therefore, this answer is incorrect.
C: We could use user assigned privileges. However, this involves configuring privileges on a per user basis. Every time a new engineer starts, you would have to configure his privileges. Therefore, this answer is incorrect.
D: User access is a generic term, not a specific configuration. We need to configure user access but other answers define how the user access is configured. Therefore, this answer is
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 151-152