WGU C845 VUN1 Task 1 | Passed on First Attempt | Latest Update with Complete Solution
VUN1 — VUN1 Task 1: Managing Security Operations and Access Controls
Information Systems Security - C845
A. Apply an Access Control Model
A.1. Chosen Access Control Model
I have chosen the Role-Based Access Control (RBAC) model. The principles of RBAC are:
• Role Assignment: A user is assigned to a role based on their job function (e.g., "Finance Analyst").
• Permission Assignment: Permissions to perform operations on systems are assigned to roles, not to individual users.
• Session Management: A user activates a role to gain the associated permissions for a session.
• Least Privilege: Users should only have the minimum level of access necessary to perform their job duties.
The organization's access control structure, as seen in the user matrix, is implicitly role-based (e.g., "Finance manager," "HR coordinator"). Applying a formal RBAC model would streamline this by ensuring permissions are strictly tied to business functions, reducing complexity and the potential for user error when assigning permissions.
A.2. Four Misalignments with RBAC Principles
1. Misalignment 1: Privilege Escalation Beyond Role Scope
• Description: The "Junior system admin" (J. Lopez) has "Domain admin" privileges. A junior role should not have the highest level of access in a Windows environment.
• Conflict with RBAC: This violates the principle of least privilege. The role "Junior system admin" implies a subset of administrative duties, not unrestricted domain-wide control.
2. Misalignment 2: Unnecessary Access Across Departments
• Description: The "Finance analyst" (L. Cheng) has "Full access" to the CRM, a system primarily for Sales and Support. A finance role typically does not require full modification rights in a customer relationship system.
• Conflict with RBAC: This violates least privilege and separation of duties. It allows for potential data manipulation outside the user's core business function.
3. Misalignment 3: Violation of User-Role Assignment Post-Termination
• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, has an "Active" account status and successfully logged in on 2025-06-29.
• Conflict with RBAC: RBAC requires timely revocation of role assignments upon a change in employment status. An active session for a terminated user completely bypasses the security provided by the role structure.
4. Misalignment 4: Overly Broad Privileged Access
• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal systems," and the log shows they made a firewall rule change without a ticket_id.
• Conflict with RBAC: While some access is necessary, blanket "Full admin" access violates least privilege and impedes accountability. It does not segment duties within the IT department itself.
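An added example, not part of the original submission: a short Python audit that checks a user matrix and change log for the four misalignment patterns listed above. The field names, the role policy and the sample rows are constructed for illustration; only the user names, roles, privileges and dates are taken from the text.

```python
from datetime import date

# Hypothetical role policy: the (system, privilege) pairs each role may hold.
# These entitlements are assumptions; the page does not define them.
ROLE_POLICY = {
    "Junior system admin": {("Windows domain", "Server operator")},
    "Finance analyst": {("Finance system", "Full access"), ("CRM", "Read-only")},
    "HR assistant": {("HR system", "Read/write")},
    "IT administrator": {("Firewall", "Full admin"), ("Windows domain", "Domain admin")},
}

# Constructed rows modelled on the four users the text discusses.
USERS = [
    {"user": "J. Lopez", "role": "Junior system admin", "system": "Windows domain",
     "privilege": "Domain admin", "status": "Active"},
    {"user": "L. Cheng", "role": "Finance analyst", "system": "CRM",
     "privilege": "Full access", "status": "Active"},
    {"user": "P. Ellis", "role": "HR assistant", "system": "HR system",
     "privilege": "Read/write", "status": "Active",
     "terminated": date(2025, 5, 20), "last_login": date(2025, 6, 29)},
    {"user": "T. Miller", "role": "IT administrator", "system": "All internal systems",
     "privilege": "Full admin", "status": "Active"},
]

# Constructed change-log entries; only the missing ticket_id comes from the text.
CHANGES = [
    {"user": "T. Miller", "action": "firewall rule change", "ticket_id": None},
    {"user": "T. Miller", "action": "firewall rule change", "ticket_id": "CHG-0001"},
]

def audit_users(users, policy=ROLE_POLICY):
    """Return (user, finding) pairs for grants that break the role policy."""
    findings = []
    for u in users:
        grant = (u["system"], u["privilege"])
        if u["system"].lower().startswith("all "):
            findings.append((u["user"], "blanket scope: " + u["system"]))
        elif grant not in policy.get(u["role"], set()):
            findings.append((u["user"], "grant outside role: %s on %s" % (u["privilege"], u["system"])))
        term = u.get("terminated")
        if term and u["status"] == "Active":
            findings.append((u["user"], "terminated but account active"))
        if term and u.get("last_login") and u["last_login"] > term:
            findings.append((u["user"], "login after termination"))
    return findings

def audit_changes(changes):
    """Return the users who made changes with no ticket_id recorded."""
    return [c["user"] for c in changes if not c.get("ticket_id")]
```

Run against the sample rows, `audit_users(USERS)` reports one finding each for J. Lopez, L. Cheng and T. Miller and two for P. Ellis, while `audit_changes(CHANGES)` returns the one change with no ticket.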