A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control.
The following controls are available:
Read = A user can read the content of an existing file.
Write = A user can modify the content of an existing file and delete an existing file.
Create = A user can create a new file and place data within the file.
A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization's requirements?
A. Owners: Read, Write, Create
Group Members: Read, Write
Others: Read, Create
B. Owners: Write, Create
Group Members: Read, Write, Create
Others: Read
C. Owners: Read, Write
Group Members: Read, Create
Others: Read, Create
D. Owners: Write, Create
Group Members: Read, Create
Others: Read, Write, Create
I’ll just add, this question is worded poorly.
A doesn’t make any sense. Why would non-group members (“other”) be able to Create when Group Members cannot Create?
B makes the most sense if we assume Write access automatically grants Read access, since you need Read to Write. You can’t modify the contents of an existing file if you don’t also have permission to read the contents of said file.
The key term is “least privilege” and A is the only one that shows a succession of permissions.
Does anyone know why this is A?
What stood out for me was that A was the only answer where the owner had Read, Write, and Create permissions. Under DAC, owners have full control over the resource.