PrepAway - Latest Free Exam Questions & Answers

How should the security manager secure the database?

Jill is establishing a companywide sales program that will require different user groups with different privileges to access information on a centralized database. How should the security manager secure the database?

PrepAway - Latest Free Exam Questions & Answers

A.
Increase the database’s security controls and provide more granularity.

B.
Implement access controls that display each user’s permissions each time they access the database.

C.
Change the database’s classification label to a higher security status.

D.
Decrease the security so that all users can access the information as needed.

Explanation:
A: The best approach to securing the database in this situation would be to increase the controls and assign very granular permissions. These measures would ensure that
users cannot abuse their privileges and the confidentiality of the information would be maintained. Granularity of permissions gives network administrators and security
professionals additional control over the resources they are charged with protecting, and a fine level of detail enables them to give individuals just the precise level of access they
need.
B is incorrect because implementing access controls that display each user’s permissions each time they access the database is an example of one control. It is not the
overall way of dealing with user access to a full database of information. This may be an example of increasing database security controls, but it is only one example and more
would need to be put into place.
C is incorrect because the classification level of the information in the database was previously determined based on its confidentiality, integrity, and availability levels. These
levels do not change simply because more users need access to the data. Thus, you would never increase or decrease the classification level of information when more users or
groups need to access that information. Increasing the classification level would only mean a smaller subset of users could access the database.
D is incorrect because it puts data at risk. If security is decreased so that all users can access it as needed, then users with lower privileges will be able to access data of
higher classification levels. Lower security also makes it easier for intruders to break into the database. As stated in answer C, a classification level is not changed just because
the number of users who need to access the data increases or decreases.


Leave a Reply