nerdexam
ExamsSY0-301Questions#577
CompTIA

SY0-301 · Question #577

SY0-301 Question #577: Real Exam Question with Answer & Explanation

The correct answer is B: Create an account with role-based access control for accounting.. Role-based access control (RBAC) grants permissions based on a user's organizational role, ensuring Joe receives exactly the access appropriate for an accountant without manual per-resource configuration.

Question

A company hired Joe, an accountant. The IT administrator will need to create a new account for Joe. The company uses groups for ease of management and administration of user accounts. Joe will need network access to all directories, folders and files within the accounting department. Which of the following configurations will meet the requirements?

Options

  • ACreate a user account and assign the user account to the accounting group.
  • BCreate an account with role-based access control for accounting.
  • CCreate a user account with password reset and notify Joe of the account creation.
  • DCreate two accounts: a user account and an account with full network administration rights.

Explanation

Role-based access control (RBAC) grants permissions based on a user's organizational role, ensuring Joe receives exactly the access appropriate for an accountant without manual per-resource configuration.

Common mistakes.

  • A. Assigning a user to an 'accounting group' is a form of group-based access control but does not specifically implement the structured, role-defined permissions that RBAC provides for meeting comprehensive departmental access requirements.
  • C. Creating an account with a password reset notification addresses account setup logistics but says nothing about assigning the required access permissions to accounting resources.
  • D. Creating a second account with full network administration rights violates least privilege by granting far more access than an accountant requires.

Concept tested. Role-based access control for departmental resource access

Reference. https://learn.microsoft.com/en-us/azure/role-based-access-control/overview

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice