CompTIA Cloud+ Exam CV0-003: Access Control Rules for Cloud Environment

Question

A cloud administrator is reviewing the authentication and authorization mechanism implemented within the cloud environment.

Upon review, the administrator discovers the sales group is part of the finance group, and the sales team members can access the financial application.

Single sign-on is also implemented, which makes access much easier.

Which of the following access control rules should be changed?

Answers

Explanations

A. B. C. D.

D.

The access control rule that should be changed in this scenario is role-based access control (RBAC).

Role-based access control is a widely used access control model that grants access based on the role or job function of the user. In RBAC, users are assigned roles, and permissions are assigned to those roles. Users inherit permissions based on their assigned roles, and access to resources is granted based on those permissions.

In this scenario, the sales team members have access to the financial application because they are part of the finance group, which implies that the finance group has been granted permission to access the financial application. However, it is not appropriate for the sales group to have access to the financial application just because they are part of the finance group.

RBAC is designed to provide access based on job function or role, which means access should be granted based on the role of the user and not their group membership. Therefore, the administrator should remove the sales group from the finance group's role-based access control list and assign a new role to the sales team members that reflects their job function.
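The inheritance described above, as an added example that is not part of the original page: a sketch that resolves nested group membership and reports which permissions a user holds only because one group sits inside another. All group, user and permission names are constructed sample data.

```python
from collections import deque

# Constructed sample data mirroring the scenario; all names are hypothetical.
GROUP_PARENTS = {          # group -> groups it is a member of
    "sales": {"finance"},  # the nesting found in the review
    "finance": set(),
    "engineering": set(),
}
GROUP_PERMISSIONS = {      # group/role -> permissions granted to it
    "sales": {"crm:use"},
    "finance": {"finapp:access"},
    "engineering": {"repo:write"},
}
USER_GROUPS = {"alice": {"sales"}, "bob": {"finance"}}


def effective_grants(user, user_groups=USER_GROUPS, parents=GROUP_PARENTS,
                     perms=GROUP_PERMISSIONS):
    """Return {permission: membership path that grants it} for one user.

    Breadth-first walk over nested groups; the visited set stops cycles,
    and BFS means direct memberships are recorded before nested ones.
    """
    grants, seen = {}, set()
    queue = deque((g, (g,)) for g in sorted(user_groups.get(user, ())))
    while queue:
        group, path = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        for perm in sorted(perms.get(group, ())):
            grants.setdefault(perm, path)
        for parent in sorted(parents.get(group, ())):
            queue.append((parent, path + (parent,)))
    return grants


def inherited_grants(user, **kw):
    """Permissions reached only through nesting (path longer than one group)."""
    return {p: path for p, path in effective_grants(user, **kw).items()
            if len(path) > 1}


if __name__ == "__main__":
    for user in sorted(USER_GROUPS):
        for perm, path in inherited_grants(user).items():
            print(f"{user}: {perm} via {' -> '.join(path)}")
```

Run against a real directory export, the same walk shows each inherited permission together with the membership chain that has to be broken to remove it.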

The other access control models (discretionary, attribute-based, and mandatory access control) are not relevant to this scenario since they are not designed to grant access based on job function or role.

Discretionary access control (DAC) relies on the owner of an object to control access to it. Attribute-based access control (ABAC) grants access based on attributes of the user, object, or environment. Mandatory access control (MAC) uses security labels to determine access.

In conclusion, the access control rule that should be changed is role-based access control (RBAC), to ensure that access is granted based on job function or role, not group membership.