CompTIA
CV0-003 · Question #556
CV0-003 Question #556: Real Exam Question with Answer & Explanation
The correct answer is D: Implement mandatory access control. Mandatory access control (MAC) enforces system-wide policies that restrict what actions users can take, preventing even authorized users from modifying system configurations beyond what policy allows.
Security
Question
Which of the following will mitigate the risk of users who have access to an instance modifying the system configurations?
Options
- AImplement whole-disk encryption
- BDeploy the latest OS patches
- CDeploy an anti-malware solution
- DImplement mandatory access control
Explanation
Mandatory access control (MAC) enforces system-wide policies that restrict what actions users can take, preventing even authorized users from modifying system configurations beyond what policy allows.
Common mistakes.
- A. Whole-disk encryption protects data confidentiality at rest but does not prevent an authenticated user with instance access from modifying system configurations.
- B. Deploying OS patches addresses known software vulnerabilities but does not restrict or govern what configuration changes an authorized user can make.
- C. Anti-malware solutions detect and block malicious software but do not control the actions of legitimate users who already have access to the instance.
Concept tested. Mandatory access control for insider configuration risk
Reference. https://csrc.nist.gov/glossary/term/mandatory_access_control
Topics
#mandatory access control#MAC#instance security#access control models
Community Discussion
No community discussion yet for this question.