Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit
a file. Currently, the file has the following permissions:
Ann: read/write
Sales Group: read
IT Group: no access
If a discretionary access control list is in place for the files owned by Ann, which of the following would be
the BEST way to share the file with Joe?

A.
Add Joe to the Sales group.

B.
Have the system administrator give Joe full access to the file.

C.
Give Joe the appropriate access to the file directly.

D.
Remove Joe from the IT group and add him to the Sales group.

Explanation:
Joe needs access to only one file. He also needs to ‘edit’ that file. Editing a file requires Read and Write
access to the file. The best way to provide Joe with the minimum required permissions to edit the file
would be to give Joe the appropriate access to the file directly.
Incorrect Answers:
A: The Sales group only has read access to the file. Joe needs Read and Write access to the file. Adding
Joe to the Sales group will not provide him with the required access to the file. Therefore, this answer is
incorrect.
B: Joe needs Read and Write access to the file; he does not need full access to the file. It is best practice
from a security perspective to provide the minimum permissions required. Therefore, this answer is
incorrect.
D: Something to watch out for with these questions: ‘No access’ means the group has not been granted
‘or denied’ access to the file. “Access Denied” is different. It means access has been explicitly denied.
Access Denied would override all other access granted permissions.
The Sales group only has read access to the file. Joe needs Read and Write access to the file. Adding Joe
to the Sales group will not provide him with the required access to the file. Therefore, this answer is
incorrect.