WGU C845 VUN1 Task 1, 2, & 3 | Passed on First Attempt | Latest Update with Complete Solution
Gradegurus

WGU C845 VUN1 Task 1 | Passed on First Attempt | Latest Update with Complete Solution

VUN1 Task 1: Managing Security Operations and Access Controls
Information Systems Security - C845

A. Apply an Access Control Model

A.1. Chosen Access Control Model
I have chosen the Role-Based Access Control (RBAC) model. The principles of RBAC are:

• Role Assignment: A user is assigned to a role based on their job function (e.g., "Finance Analyst").
• Permission Assignment: Permissions to perform operations on systems are assigned to roles, not to individual users.
• Session Management: A user activates a role to gain the associated permissions for a session.
• Least Privilege: Users should only have the minimum level of access necessary to perform their job duties.

The organization's access control structure, as seen in the user matrix, is implicitly role-based (e.g., "Finance manager," "HR coordinator"). Applying a formal RBAC model would streamline this by ensuring permissions are strictly tied to business functions, reducing complexity and the potential for user error when assigning permissions.
A.2. Four Misalignments with RBAC Principles

1. Misalignment 1: Privilege Escalation Beyond Role Scope
• Description: The "Junior system admin" (J. Lopez) has "Domain admin" privileges. A junior role should not have the highest level of access in a Windows environment.
• Conflict with RBAC: This violates the principle of least privilege. The role "Junior system admin" implies a subset of administrative duties, not unrestricted domain-wide control.

2. Misalignment 2: Unnecessary Access Across Departments
• Description: The "Finance analyst" (L. Cheng) has "Full access" to the CRM, a system primarily for Sales and Support. A finance role typically does not require full modification rights in a customer relationship system.
• Conflict with RBAC: This violates least privilege and separation of duties. It allows for potential data manipulation outside the user's core business function.

3. Misalignment 3: Violation of User-Role Assignment Post-Termination
• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, has an "Active" account status and successfully logged in on 2025-06-29.
• Conflict with RBAC: RBAC requires timely revocation of role assignments upon a change in employment status. An active session for a terminated user completely bypasses the security provided by the role structure.

4. Misalignment 4: Overly Broad Privileged Access
• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal systems," and the log shows they made a firewall rule change without a ticket_id.
• Conflict with RBAC: While some access is necessary, blanket "Full admin" access violates least privilege and impedes accountability. It does not segment duties within the IT department itself.
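As an added example (not part of the task answer or the course material), the following Python script turns the four misalignments above into an automated audit over a user matrix and change log. The role policy, field names and sample rows are constructed assumptions built to mirror the findings in the text.

```python
from datetime import date

# Constructed policy: the permissions each role is allowed to hold.
ROLE_POLICY = {
    "Junior system admin": {"Local admin"},
    "Finance analyst": {"Finance app: full", "CRM: read"},
    "HR assistant": {"HR app: full"},
    "IT administrator": {"Server admin", "Firewall admin"},
}

# Constructed user matrix mirroring the four findings in the text.
USERS = [
    {"name": "J. Lopez", "role": "Junior system admin", "status": "Active",
     "perms": {"Domain admin"}, "terminated": None, "last_login": date(2025, 6, 30)},
    {"name": "L. Cheng", "role": "Finance analyst", "status": "Active",
     "perms": {"Finance app: full", "CRM: full"}, "terminated": None,
     "last_login": date(2025, 6, 28)},
    {"name": "P. Ellis", "role": "HR assistant", "status": "Active",
     "perms": {"HR app: full"}, "terminated": date(2025, 5, 20),
     "last_login": date(2025, 6, 29)},
    {"name": "T. Miller", "role": "IT administrator", "status": "Active",
     "perms": {"Full admin: all internal systems"}, "terminated": None,
     "last_login": date(2025, 6, 30)},
]

# Constructed change log; a privileged change must carry a ticket_id.
CHANGES = [
    {"user": "T. Miller", "action": "firewall_rule_change", "ticket_id": None},
    {"user": "T. Miller", "action": "server_patch", "ticket_id": "CHG-1042"},
]

def audit(users=USERS, changes=CHANGES):
    """Return one finding string per RBAC misalignment detected."""
    findings = []
    for u in users:
        extra = u["perms"] - ROLE_POLICY.get(u["role"], set())
        if extra:  # permission assignment exceeds the role's allowed set
            findings.append(f"{u['name']}: permissions beyond role scope {sorted(extra)}")
        if u["terminated"]:  # role assignment must be revoked at termination
            if u["status"] == "Active":
                findings.append(f"{u['name']}: account still Active after termination")
            if u["last_login"] and u["last_login"] > u["terminated"]:
                findings.append(f"{u['name']}: login on {u['last_login']} after termination")
    for c in changes:
        if not c["ticket_id"]:  # privileged change lacks an approval record
            findings.append(f"{c['user']}: {c['action']} without ticket_id")
    return findings

if __name__ == "__main__":
    print("\n".join(audit()))
```

Running it against the constructed data reports all four findings from the text (Ellis produces two: the still-active account and the post-termination login) while the ticketed server patch is left alone.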