CV0-002 · Question #217
The legal department requires eDiscovery of hosted file shares. To set up access, which of the following is the BEST method to ensure the eDiscovery analyst only has the ability to search but not chan
The correct answer is D. RBAC. To grant an eDiscovery analyst search-only access to hosted file shares without allowing configuration changes, Role-Based Access Control (RBAC) is the most suitable method.
Question
The legal department requires eDiscovery of hosted file shares. To set up access, which of the following is the BEST method to ensure the eDiscovery analyst only has the ability to search but not change configuration or settings?
Options
- APKI
- BSSO
- CMFA
- DRBAC
How the community answered
(46 responses)- A2% (1)
- C4% (2)
- D93% (43)
Why each option
To grant an eDiscovery analyst search-only access to hosted file shares without allowing configuration changes, Role-Based Access Control (RBAC) is the most suitable method.
PKI (Public Key Infrastructure) is used for establishing identity and encrypting communications, not for defining user permissions.
SSO (Single Sign-On) simplifies authentication by allowing users to access multiple services with one set of credentials, but it does not define what actions they can perform within those services.
MFA (Multi-Factor Authentication) adds an extra layer of security during the authentication process to verify user identity, but it does not control specific permissions or roles once authenticated.
RBAC allows administrators to define specific roles with granular permissions, such as read-only access for eDiscovery functions, and then assign these roles to users or groups. This ensures the analyst can perform necessary searches while being explicitly prevented from modifying system configurations or settings, aligning with the principle of least privilege.
Concept tested: Role-Based Access Control (RBAC) for least privilege
Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
Topics
Community Discussion
No community discussion yet for this question.