CISSP · Question #1484
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?
The correct answer is A. Limit access to predefined queries. This question tests knowledge of database access controls that allow aggregate data queries while preventing disclosure of individual records, a concept known as inference control.
Question
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?
Options
- ALimit access to predefined queries
- BSegregate the database into a small number of partitions each with a separate security level
- CImplement Role Based Access Control (RBAC)
- DReduce the number of people who have access to the system for statistical purposes
How the community answered
(23 responses)- A83% (19)
- B4% (1)
- C4% (1)
- D9% (2)
Why each option
This question tests knowledge of database access controls that allow aggregate data queries while preventing disclosure of individual records, a concept known as inference control.
Limiting access to predefined queries restricts users to only executing pre-approved aggregate functions (such as AVG, SUM, COUNT) that return group-level results, preventing them from constructing ad-hoc queries that could isolate and retrieve an individual employee's salary. This is a direct technical countermeasure against the inference problem in databases, where aggregate permissions could otherwise be exploited to deduce individual values. By controlling the query interface itself, the system ensures no raw row-level salary data is ever exposed.
Partitioning the database into security levels controls which data sets users can access by classification, but does not prevent a user with access to a salary partition from querying individual records within that partition.
RBAC grants or restricts access based on job roles, but if a role is permitted to view salary data for statistical purposes, it does not inherently prevent that role from querying individual salary records unless additional query-level restrictions are applied.
Reducing the number of users with statistical access is an administrative control that limits exposure but does not technically prevent any authorized user from viewing an individual employee's salary record.
Concept tested: Database inference control via predefined query restrictions
Source: https://learn.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine
Topics
Community Discussion
No community discussion yet for this question.