CompTIA CASP+ (CAS-004) — Question 363
A commercial OSINT provider utilizes and reviews data from various sources of publicly available information. The provider is transitioning the subscription service to a model that limits the scope of available data based on subscription tier. Which of the following approaches would best ensure subscribers are only granted access to data associated with their tier? (Choose two.)
Answer options
- A. Storing collected data on separate physical media per tier
- B. Controlling access to data based on the role of users
- C. Employing attribute-based access control
- D. Implementing a behavior-based IDS positioned at the storage network gateway
- E. Establishing a classification and labeling scheme
- F. Implementing a mandatory access control scheme
Correct answer: B, E
Explanation
The correct answers, B and E, are effective because controlling access by user roles ensures that only designated users can view specific data, while a classification and labeling system helps organize data according to its tier. Options A, C, D, and F are less suitable: A involves physical separation that may not be practical, C is more complex than necessary, D focuses on security monitoring rather than access control, and F is too rigid for subscription-based access.