A new intern was assigned to the system engineering department, which consists of the system architect and system software developer’s teams. These two teams
have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of
the following methods should the system administrator implement?

A.
Group based privileges

B.
Generic account prohibition

C.
User access review

D.
Credential management

Explanation:
You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges).
By assigning the intern’s user account to both groups, the intern will inherit the permissions assigned to those groups.
Incorrect Answers:
B: Generic account prohibition is a rule that states no generic, shared, or anonymous accounts should be allowed in private networks or on any system where
security is important. This will not allow the intern to view the system architectural drawings and comment on some software development projects.
C: User access reviews are performed to conclude whether users have been performing their work tasks correctly or if there have been failed and/or successful
attempts at violating company policies or the law. This will not allow the intern to view the system architectural drawings and comment on some software
development projects.
D: Credential management is a service or software product that is designed to store and manage user credentials. It allows users to specify longer and more
random credentials for their different accounts without having to remember or writing them down. This will not allow the intern to view the system architectural
drawings and comment on some software development projects.

https://technet.microsoft.com/en-gb/library/cc786285%28v=ws.10%29.aspx Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014,
pp 291- 294.