WGU C845 VUN1 Task 1| Passed on First Attempt |Latest Update with Complete Solution

WGU C845 VUN1 Task 1| Passed on First Attempt |Latest
f f f f f f f f f




Update with Complete Solution f f f f




A. Apply an Access Control Model f f f f




A.1. Chosen Access Control Model f f f




I have chosen the Role-Based Access Control (RBAC) model. The principles of RBAC are:
f f f f f f f f f f f f f




• Role Assignment: A user is assigned to a role based on their job function (e.g., "Finance
f f f f f f f f f f f f f f f



Analyst").
f



• Permission Assignment: Permissions to perform operations on systems are assigned to roles,
f f f f f f f f f f f



not to individual users.
f f f f



• Session Management: A user activates a role to gain the associated permissions for a session.
f f f f f f f f f f f f f f



• Least Privilege: Users should only have the minimum level of access necessary to perform their job
f f f f f f f f f f f f f f f



duties.
f




The organization's access control structure, as seen in the user matrix, is implicitly role-based (e.g., "Finance
f f f f f f f f f f f f f f f



manager," "HR coordinator"). Applying a formal RBAC model would streamline this by ensuring permissions
f f f f f f f f f f f f f f



are strictly tied to business functions, reducing complexity and the potential for user error when assigning
f f f f f f f f f f f f f f f f



permissions.
f




A.2. FourMisalignments withRBACPrinciples f f f f




1. Misalignment 1: Privilege Escalation Beyond Role Scope f f f f f f



• Description: The "Junior system admin" (J. Lopez) has "Domain admin" privileges. A f f f f f f f f f f f



junior role should not have the highest level of access in a Windows environment.
f f f f f f f f f f f f f f



• Conflict with RBAC: This violates the principle of least privilege. The role "Junior system
f f f f f f f f f f f f f



admin" implies a subset of administrative duties, not unrestricted domain-wide control.
f f f f f f f f f f f



2. Misalignment 2: Unnecessary Access Across Departments f f f f f



• Description: The "Finance analyst" (L. Cheng) has "Full access" to the CRM, a system f f f f f f f f f f f f f



primarily for Sales and Support. A finance role typically does not require full modification
f f f f f f f f f f f f f f



rights in a customer relationship system.f f f f f f



• Conflict with RBAC: This violates least privilege and separation of duties. It allows for
f f f f f f f f f f f f f



potential data manipulation outside the user's core business function.
f f f f f f f f f



3. Misalignment 3: Violation of User-Role Assignment Post-Termination f f f f f f



• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, has an f f f f f f f f f f f f



"Active" account status and successfully logged in on 2025-06-29.
f f f f f f f f f



• Conflict with RBAC: RBAC requires timely revocation of role assignments upon a change inf f f f f f f f f f f f f



employment status. An active session for a terminated user completely bypasses the
f f f f f f f f f f f f



security provided by the role structure. f f f f f f



4. Misalignment 4: Overly Broad Privileged Access f f f f f



• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal f f f f f f f f f f f f



systems," and the log shows they made a firewall rule change without a ticket_id.
f f f f f f f f f f f f f f



• Conflict with RBAC: While some access is necessary, blanket "Full admin" access f f f f f f f f f f f



violates least privilege and impedes accountability. It does not segment duties within the IT
f f f f f f f f f f f f f

, f department itself.
f