A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the
following security controls would be implemented to restrict those departments?

A.
User assigned privileges

B.
Password disablement

C.
Multiple account creation

D.
Group based privileges

Explanation:
Group-based privileges assign privileges or access to a resource to all members of a group. Group-based access control grants every member of the group the

same level of access to a specific object.
Incorrect Answers:
A: These are permissions that are granted or denied on a specific individual user basis. This would not allow for a more restrictive control over the department’s
shared folders.
B: Disabling a password would allow for a less restrictive control over the department’s shared folders.
C: Each user should only have one standard user account. Administrators can have more than one administrative account for different roles.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 290- 294.