CompTIA Security+ (SY0-501) — Question 354
A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control. The following controls are available:
✑ Read = A user can read the content of an existing file.
✑ Write = A user can modify the content of an existing file and delete an existing file.
✑ Create = A user can create a new file and place data within the file.
A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization's requirements?
Answer options
- A. Owners: Read, Write, Create; Group Members: Read, Write; Others: Read, Create
- B. Owners: Write, Create; Group Members: Read, Write, Create; Others: Read
- C. Owners: Read, Write; Group Members: Read, Create; Others: Read, Create
- D. Owners: Write, Create; Group Members: Read, Create; Others: Read, Write, Create
Correct answer: A
Explanation
Option A is correct because it allows owners to fully manage the files while granting group members sufficient permissions to read and modify files, thus ensuring data integrity. The other options either provide excessive permissions to others or do not grant enough access to the group members, violating the principle of least privilege.