An administrator is configuring permissions for a new network share according to the principle of least privilege. Members of the accounting department must be able to add and edit files in the folder. Members from the auditing and sales departments should only be able to review the contents. Which set of permissions should the administrator assign to the accounting, auditing, and sales groups, respectively?
Read & execute for accounting, Write for auditing, Modify for sales
Write for accounting, Read for auditing and sales
Full control for accounting, Read & execute for auditing, Write for sales
Modify for accounting, Read & execute for auditing, Read for sales
The correct set of permissions adheres to the principle of least privilege. The accounting department's requirement to 'add and edit files' is best met with the 'Write' permission. The auditing and sales departments' requirement to 'review the contents' is met with the 'Read' permission. Using 'Read & execute' would be excessive for the auditing and sales teams as there is no requirement to run programs from the share. Granting 'Modify' or 'Full control' to the accounting department would also violate least privilege, as these permissions include rights (like deletion or changing permissions) that were not specified in the requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege?
Open an interactive chat with Bash
What is the difference between 'Read' and 'Read & execute' permissions?
Open an interactive chat with Bash
Why is 'Write' permission appropriate for the accounting department in this scenario?