VUN1 Task 1: Managing Security Operations and Access Controls
Information Systems Security - C845

A. Apply an Access Control Model

A.1. Chosen Access Control Model
I have chosen the Role-Based Access Control (RBAC) model. The principles of RBAC are:

• Role Assignment: A user is assigned to a role based on their job function (e.g., "Finance Analyst").
• Permission Assignment: Permissions to perform operations on systems are assigned to roles, not to individual users.
• Session Management: A user activates a role to gain the associated permissions for a session.
• Least Privilege: Users should only have the minimum level of access necessary to perform their job duties.

The organization's access control structure, as seen in the user matrix, is implicitly role-based (e.g., "Finance manager," "HR coordinator"). Applying a formal RBAC model would streamline this by ensuring permissions are strictly tied to business functions, reducing complexity and the potential for user error when assigning permissions.
g
A.2. Four Misalignments with RBAC Principles

1. Misalignment 1: Privilege Escalation Beyond Role Scope
• Description: The "Junior system admin" (J. Lopez) has "Domain admin" privileges. A junior role should not hold the highest level of access in a Windows Active Directory domain.
• Conflict with RBAC: This violates the principle of least privilege. The role "Junior system admin" implies a subset of administrative duties, not unrestricted domain-wide control.

2. Misalignment 2: Unnecessary Access Across Departments
• Description: The "Finance analyst" (L. Cheng) has "Full access" to the CRM, a system primarily for Sales and Support. A finance role typically does not require full modification rights in a customer relationship system.
• Conflict with RBAC: This violates least privilege and separation of duties. It allows for potential data manipulation outside the user's core business function.
3. Misalignment 3: Violation of User-Role Assignment Post-Termination
• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, has an "Active" account status and successfully logged in on 2025-06-29.
• Conflict with RBAC: RBAC requires timely revocation of role assignments upon a change in employment status. An active session for a terminated user completely bypasses the security provided by the role structure.
4. Misalignment 4: Overly Broad Privileged Access
• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal systems," and the log shows a firewall rule change made by this account without a ticket_id.
• Conflict with RBAC: While some administrative access is necessary, blanket "Full admin" access violates least privilege and impedes accountability. It does not segment duties within the IT department itself, and a privileged change with no ticket_id cannot be traced back to an approved request.
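The RBAC principles in A.1 and the four misalignments in A.2 together describe a model and a set of checks against it. The Python below is an added example and is not part of the original assignment: it implements the core RBAC structures (role-to-permission assignment, user-to-role assignment, and session activation, so that only activated roles confer rights) and an audit that flags each of the four misalignments in a constructed user matrix and log. Role names follow the assignment; the permission strings, the SYSTEM_OWNERS mapping, the sample login and change records, and the ticket identifier CHG-1042 are assumptions made for this example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional, Set

# Role -> permission mapping. Permissions attach to roles, never to users.
# Role names follow the assignment; the permission strings are constructed.
ROLE_PERMISSIONS = {
    "Finance analyst":     {"erp:read", "erp:write"},
    "HR assistant":        {"hris:read"},
    "Junior system admin": {"ad:reset-password", "workstation:admin"},
    "IT administrator":    {"ad:domain-admin", "firewall:change", "workstation:admin"},
}

# Which departments each system legitimately serves (constructed mapping).
SYSTEM_OWNERS = {
    "erp": {"Finance"}, "hris": {"HR"}, "crm": {"Sales", "Support"},
    "ad": {"IT"}, "firewall": {"IT"}, "workstation": {"IT"},
}


@dataclass
class User:
    name: str
    department: str
    roles: Set[str]
    status: str                                   # "Active" or "Disabled"
    terminated: Optional[date] = None
    direct_grants: Set[str] = field(default_factory=set)  # rights given outside any role

    def role_permissions(self) -> Set[str]:
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.roles))


@dataclass
class Session:
    """A session only carries the permissions of the roles it has activated."""
    user: User
    active_roles: Set[str] = field(default_factory=set)

    def activate(self, role: str) -> None:
        if self.user.status != "Active" or self.user.terminated is not None:
            raise PermissionError(f"{self.user.name} is not an active employee")
        if role not in self.user.roles:
            raise PermissionError(f"{self.user.name} is not assigned {role!r}")
        self.active_roles.add(role)

    def can(self, permission: str) -> bool:
        # Direct grants are deliberately ignored: under RBAC only roles confer rights.
        return any(permission in ROLE_PERMISSIONS[r] for r in self.active_roles)


def can_activate(user: User, role: str) -> bool:
    """True if a fresh session for `user` is allowed to activate `role`."""
    try:
        Session(user).activate(role)
        return True
    except PermissionError:
        return False


def audit(users, logins, changes):
    """Return a set of (user, finding) pairs for the four misalignments above."""
    findings = set()
    by_name = {u.name: u for u in users}
    for u in users:
        effective = u.role_permissions() | u.direct_grants
        if u.direct_grants - u.role_permissions():
            findings.add((u.name, "OUT_OF_ROLE"))          # rights no assigned role grants
        if any(u.department not in SYSTEM_OWNERS.get(p.split(":")[0], set())
               for p in effective):
            findings.add((u.name, "CROSS_DEPARTMENT"))     # another department's system
        if u.terminated and u.status == "Active":
            findings.add((u.name, "TERMINATED_ACTIVE"))    # account not revoked on termination
    for name, when in logins:
        u = by_name[name]
        if u.terminated and when > u.terminated:
            findings.add((name, "LOGIN_AFTER_TERMINATION"))
    for name, action, ticket in changes:
        if action.split(":")[0] in {"firewall", "ad"} and not ticket:
            findings.add((name, "PRIVILEGED_CHANGE_NO_TICKET"))  # no change-control record
    return findings


# Constructed sample matrix and logs mirroring the four findings in the analysis.
USERS = [
    User("J. Lopez", "IT", {"Junior system admin"}, "Active", direct_grants={"ad:domain-admin"}),
    User("L. Cheng", "Finance", {"Finance analyst"}, "Active", direct_grants={"crm:admin"}),
    User("P. Ellis", "HR", {"HR assistant"}, "Active", terminated=date(2025, 5, 20)),
    User("T. Miller", "IT", {"IT administrator"}, "Active",
         direct_grants={"erp:admin", "hris:admin", "crm:admin"}),
]
LOGINS = [("P. Ellis", date(2025, 6, 29)), ("T. Miller", date(2025, 6, 30))]
# Ticket id CHG-1042 is a constructed value for the example.
CHANGES = [("T. Miller", "firewall:change", None), ("J. Lopez", "ad:reset-password", "CHG-1042")]

if __name__ == "__main__":
    for user, finding in sorted(audit(USERS, LOGINS, CHANGES)):
        print(f"{user:10} {finding}")
```

The audit keys every check off the role definitions rather than off individual accounts: a right that no assigned role grants, a system outside the role's department, an account still active past its termination date, and a privileged change with no ticket each surface as a named finding, which is the same reasoning applied in the four misalignments above.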