CompTIA Security+ (SY0-501) — Question 720

A systems developer needs to provide machine-to-machine interface between an application and a database server in the production environment. This interface will exchange data once per day. Which of the following access control account practices would BEST be used in this situation?

Answer options

• A. Establish a privileged interface group and apply read-write permission to the members of that group.
• B. Submit a request for account privilege escalation when the data needs to be transferred.
• C. Install the application and database on the same server and add the interface to the local administrator group.
• D. Use a service account and prohibit users from accessing this account for development work.

Correct answer: D

Explanation

The correct answer is D because using a service account helps ensure that only the application can access the database, enhancing security and minimizing risks. Option A allows excessive permissions, which can be a security risk, while B introduces unnecessary manual processes, and C compromises security by giving elevated privileges to the local administrator group.