SY0-701 Question #189: Real Exam Question with Answer & Explanation

Question

An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?

Options

• ARole-based
• BDiscretionary
• CTime of day
• DLeast privilege

Explanation

Role-based access control (RBAC) grants permissions based on group membership or job role, not individual identity - so when the engineer's account wasn't moved to the new team's group, they inherited no permissions for that group's resources. This is the textbook RBAC scenario: access follows the role/group, not the person.

Why the others are wrong:

• B. Discretionary (DAC) - DAC lets resource owners grant access individually; the symptom here is systematic group-level denial, not an owner withholding access from one person.
• C. Time of day - This restricts when you can log in, not what you can access; the engineer can still access the old team's folders at any time.
• D. Least privilege - This is a security principle (give only minimum necessary access), not a specific access control mechanism; it doesn't explain the group-based permission structure described.

Memory tip: Think "RBAC = Roles in a Box" - your permissions live inside whatever group box you're assigned to. If you're not in the box, you can't open it.

No community discussion yet for this question.