For more exams
Email;
WGU C845 VUN1 Task 1 ,2& 3
Passed on First Attempt
Latest Update with Complete
Solutions with 100% accuracy
Information Systems Security (Western Governors University)
For more exams
Email;
,l For more exams
Email;
OMoARcPSD| 62837805
WGU C845 VUN1 Task 1 | Passed on First Attempt |Latest Update with
Complete Solution
VUN1 — VUN1 Task 1: Managing Security Operations and Access Controls
Information Systems Security - C845
A. Apply an Access Control Model
A.1. Chosen Access Control Model
I have chosen the Role-Based Access Control (RBAC) model. The principles
of RBAC are:
• Role Assignment: A user is assigned to a role based on their job
function (e.g., "Finance Analyst").
• Permission Assignment: Permissions to perform operations on
systems are assigned to roles, not to individual users.
• Session Management: A user activates a role to gain the associated
permissions for a session.
• Least Privilege: Users should only have the minimum level of access
necessary to perform their job duties.
The organization's access control structure, as seen in the user matrix, is
implicitly role-based (e.g., "Finance manager," "HR coordinator").
Applying a formal RBAC model would streamline this by ensuring
permissions are strictly tied to business functions, reducing complexity
and the potential for user error when assigning permissions.
A.2. Four Misalignments with RBAC Principles
1. Misalignment 1: Privilege Escalation Beyond Role Scope
For more exams
Email;
, For more exams
Email;
|62837805
Description: The "Junior system admin" (J. Lopez) has
•
"Domain admin" privileges. A junior role should not have the
highest level of access in a Windows environment.
• Conflict with RBAC: This violates the principle of least
privilege. The role "Junior system admin" implies a subset of
administrative duties, not unrestricted domain-wide control.
2. Misalignment 2: Unnecessary Access Across Departments
• Description: The "Finance analyst" (L. Cheng) has "Full access"
to the CRM, a system
primarily for Sales and Support. A finance role typically does not
require full modification rights in a customer relationship system.
• Conflict with RBAC: This violates least privilege and
separation of duties. It allows for potential data manipulation
outside the user's core business function.
3. Misalignment 3: Violation of User-Role Assignment Post-
Termination
• Description: The "HR assistant" (P. Ellis), who was terminated
on 2025-05-20, has an "Active" account status and successfully
logged in on 2025-06-29.
• Conflict with RBAC: RBAC requires timely revocation of role
assignments upon a change in employment status. An active
session for a terminated user completely bypasses the security
provided by the role structure.
4. Misalignment 4: Overly Broad Privileged Access
• Description: The "IT administrator" (T. Miller) has "Full admin"
access to "All internal systems," and the log shows they made a
firewall rule change without a ticket_id.
• Conflict with RBAC: While some access is necessary, blanket
"Full admin" access violates least privilege and impedes
accountability. It does not segment duties within the IT
department itself.
For more exams
Email;
Email;
WGU C845 VUN1 Task 1 ,2& 3
Passed on First Attempt
Latest Update with Complete
Solutions with 100% accuracy
Information Systems Security (Western Governors University)
For more exams
Email;
,l For more exams
Email;
OMoARcPSD| 62837805
WGU C845 VUN1 Task 1 | Passed on First Attempt |Latest Update with
Complete Solution
VUN1 — VUN1 Task 1: Managing Security Operations and Access Controls
Information Systems Security - C845
A. Apply an Access Control Model
A.1. Chosen Access Control Model
I have chosen the Role-Based Access Control (RBAC) model. The principles
of RBAC are:
• Role Assignment: A user is assigned to a role based on their job
function (e.g., "Finance Analyst").
• Permission Assignment: Permissions to perform operations on
systems are assigned to roles, not to individual users.
• Session Management: A user activates a role to gain the associated
permissions for a session.
• Least Privilege: Users should only have the minimum level of access
necessary to perform their job duties.
The organization's access control structure, as seen in the user matrix, is
implicitly role-based (e.g., "Finance manager," "HR coordinator").
Applying a formal RBAC model would streamline this by ensuring
permissions are strictly tied to business functions, reducing complexity
and the potential for user error when assigning permissions.
A.2. Four Misalignments with RBAC Principles
1. Misalignment 1: Privilege Escalation Beyond Role Scope
For more exams
Email;
, For more exams
Email;
|62837805
Description: The "Junior system admin" (J. Lopez) has
•
"Domain admin" privileges. A junior role should not have the
highest level of access in a Windows environment.
• Conflict with RBAC: This violates the principle of least
privilege. The role "Junior system admin" implies a subset of
administrative duties, not unrestricted domain-wide control.
2. Misalignment 2: Unnecessary Access Across Departments
• Description: The "Finance analyst" (L. Cheng) has "Full access"
to the CRM, a system
primarily for Sales and Support. A finance role typically does not
require full modification rights in a customer relationship system.
• Conflict with RBAC: This violates least privilege and
separation of duties. It allows for potential data manipulation
outside the user's core business function.
3. Misalignment 3: Violation of User-Role Assignment Post-
Termination
• Description: The "HR assistant" (P. Ellis), who was terminated
on 2025-05-20, has an "Active" account status and successfully
logged in on 2025-06-29.
• Conflict with RBAC: RBAC requires timely revocation of role
assignments upon a change in employment status. An active
session for a terminated user completely bypasses the security
provided by the role structure.
4. Misalignment 4: Overly Broad Privileged Access
• Description: The "IT administrator" (T. Miller) has "Full admin"
access to "All internal systems," and the log shows they made a
firewall rule change without a ticket_id.
• Conflict with RBAC: While some access is necessary, blanket
"Full admin" access violates least privilege and impedes
accountability. It does not segment duties within the IT
department itself.
For more exams
Email;
