Scenario: An organization's database contains highly confidential employee data. Access control testing reveals that unauthorized employees can view this data. What access control measure should be implemented to address this issue?
- Enforce Principle of Least Privilege
- Implement Access Control Lists (ACLs)
- Implement Intrusion Detection Systems (IDS)
- Use Encryption for Data-at-Rest
The correct access control measure to address this issue is to enforce the Principle of Least Privilege (PoLP). PoLP ensures that each user, system, or process has the minimum level of access necessary to perform their tasks. By enforcing PoLP, unauthorized employees would not have access to highly confidential employee data unless explicitly granted permission. Implementing Access Control Lists (ACLs) might help restrict access but may not enforce the principle of least privilege as effectively. Using encryption for data-at-rest and implementing intrusion detection systems are important security measures but may not directly address the access control issue.