nerdexam
CompTIA

CV0-003 · Question #451

A new service request asks for all members of the finance department to have access to the accounting department's file server VMs on the private cloud environment. Which of the following is the MOST

The correct answer is A. Set up duplicate file server VMs that the finance department has access to and enable two-way replication.. In a private cloud, provisioning dedicated file server VMs for finance with two-way replication fulfills the access request while preserving departmental data isolation.

Operations

Question

A new service request asks for all members of the finance department to have access to the accounting department's file server VMs on the private cloud environment. Which of the following is the MOST efficient way to fulfill this service request?

Options

  • ASet up duplicate file server VMs that the finance department has access to and enable two-way replication.
  • BAdd all users of the finance department to the accounting departments file server VMs access lists.
  • CImplement a single sign-on and two-factor authentication solution using a soft token.
  • DCreate a new group for the finance department that will allow access to the accounting department's file

How the community answered

(40 responses)
  • A
    93% (37)
  • B
    3% (1)
  • D
    5% (2)

Why each option

In a private cloud, provisioning dedicated file server VMs for finance with two-way replication fulfills the access request while preserving departmental data isolation.

ASet up duplicate file server VMs that the finance department has access to and enable two-way replication.Correct

Creating separate file server VMs for the finance department with two-way replication from the accounting VMs ensures finance users get synchronized, up-to-date access without altering the accounting department's existing VM permissions or access control lists. This approach maintains departmental boundaries in the private cloud by keeping each department's VM access scope independent, which aligns with the principle of least privilege and separation of duties. It also scales cleanly as the finance department grows without requiring repeated changes to accounting's security configuration.

BAdd all users of the finance department to the accounting departments file server VMs access lists.

Manually adding each finance user to the accounting file server VM access lists is operationally inefficient and violates departmental access boundary principles in a private cloud.

CImplement a single sign-on and two-factor authentication solution using a soft token.

Implementing SSO and two-factor authentication addresses identity and authentication security but does not fulfill the service request to grant file server resource access.

DCreate a new group for the finance department that will allow access to the accounting department's file

Creating a group for finance to directly access the accounting department's file server VMs modifies accounting's access controls, which may violate separation-of-duties policies and expose accounting data beyond its intended scope.

Concept tested: Private cloud VM access provisioning and departmental isolation

Source: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/identity-and-access-management

Topics

#access control#group management#IAM#file server

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice