Scenario: In a financial institution's database system, a junior analyst is granted access to sensitive customer financial data, which they do not need for their job. This poses a security risk. What type of access control issue does this scenario represent?
- Attribute-Based Access Control
- Discretionary Access Control
- Mandatory Access Control
- Role-Based Access Control
In this scenario, the issue represents a Discretionary Access Control (DAC) problem. DAC allows users to have control over their own resources and data, often leading to situations where users can grant access to others unnecessarily, as seen with the junior analyst having access to sensitive data they don't need. Implementing stricter access controls, such as Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC), would help mitigate this risk by ensuring that only authorized individuals can access sensitive data based on their roles or attributes.