An organization needs to restrict access to sensitive data files stored on a network share. They require that only members of the finance department can read and modify these files, and that all access attempts are recorded for auditing purposes. Which of the following methods will BEST meet these requirements?
Allow file owners to set permissions using Discretionary Access Control (DAC).
Implement Role-Based Access Control (RBAC) to assign permissions based on user roles.
Use Mandatory Access Control (MAC) to enforce policies based on data classification.
Assign permissions to the finance group on the shared folder and enable auditing on the folder.
Assigning permissions to the finance group on the shared folder and enabling auditing on the folder will best meet the organization's requirements. This method ensures that only authorized finance department members have the necessary access while providing a record of all access attempts for compliance and monitoring.
Implementing Role-Based Access Control (RBAC) assigns permissions based on roles but does not, by itself, turn on the file-system auditing required in this scenario. Using Mandatory Access Control (MAC) enforces strict policies based on data-classification labels, which can be unnecessarily complex and inflexible for this need. Allowing file owners to set permissions with Discretionary Access Control (DAC) can result in inconsistent settings and still requires separate configuration to guarantee that all access attempts are audited.