CompTIA Security+ (SY0-501) — Question 557

A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams).
The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization's goals?

Answer options

• A. Restrict privileges on the log file directory to ג€read onlyג€ and use a service account to send a copy of these files to the business unit.
• B. Switch administrative privileges for the database and application servers. Give the application team administrative privileges on the database servers and the database team administrative privileges on the application servers.
• C. Remove administrative privileges from both the database and application servers, and give the business unit "read only" privileges on the directories where the log files are kept.
• D. Give the business unit administrative privileges on both the database and application servers so they can independently monitor server activity.

Correct answer: A

Explanation

Option A is correct because it maintains the least privilege principle while allowing the business unit access to the log files in a controlled manner. Option B violates the least privilege principle by swapping administrative roles, which could lead to unnecessary risks. Option C restricts both teams' access too much, potentially hindering their ability to perform necessary tasks. Option D would give the business unit excessive privileges, undermining the security protocols in place.