Data Risks in Full Disk Encryption and File Share Permissions

A.

Based on the scenario described, the highly sensitive data files stored on the server file share are protected by full disk encryption and file system permissions. The accounting system uses a service account named accounting-svc to access the file share, and the share permission is set to Read Only for this account.

A. Exploitation of local console access and removal of data This risk is mitigated by the full disk encryption that protects the data on the server. Even if an attacker gains access to the local console, they would not be able to access the data without the encryption key.

B. Theft of physical hard drives and a breach of confidentiality Full disk encryption protects against theft of physical hard drives as well. Without the encryption key, the data on the stolen drives is inaccessible.

C. Remote exfiltration of data using domain credentials The scenario does not provide information on the network security measures in place or whether the domain credentials used by the accounting-svc account are adequately protected. As a result, this risk cannot be ruled out entirely.

D. Disclosure of sensitive data to third parties due to excessive share permissions The share permission for the accounting-svc account is Read Only, which means that this account can only read data from the share but cannot write to it. Therefore, this risk is also mitigated.

In conclusion, based on the protections described in the scenario, the data is still subject to the risk of remote exfiltration of data using domain credentials, but risks of exploitation of local console access, theft of physical hard drives, and disclosure of sensitive data to third parties due to excessive share permissions are all mitigated.