In a corporate environment, specific guidelines stipulate that only employees from a designated department are allowed to access sensitive employee records, while the general workforce should have permissions to view standard operational procedures. How should the access controls be configured to align with this policy?
Apply a blanket policy that requires two-factor authentication for any document access, regardless of document type or employee role
Restrict all document access to top management only, with no access for regular employees
Implement access rules segregating permission to view sensitive documents based on departmental association, while granting universal access to operational guidelines
Allow complete access to all documents for every employee to ensure maximum availability
Placing the employees who need to work with personnel files into a department-specific group or role and granting that group permission to the employee-records repository, while giving the general Authenticated Users group read access to standard operating procedures, implements role-based access control and least privilege. This keeps confidential data limited to those who need it while maintaining the availability of general information. The other options either expose sensitive data, block normal work, or add authentication factors without addressing the core authorization requirement.