WGU C845 VUN1 Task 1| Passed on First Attempt |Latest Update with Complete Solution

WGU C845VUN1Task 1 | Passed on FirstAttempt .7 .7 .7 .7 .7 .7 .7 .7 .7




|Latest Update with Complete Solution
.7 .7 .7 .7 .7




VUN1— VUN1Task1:ManagingSecurityOperationsandAccessControls
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7




Information Systems Security - C845
.7 .7 .7 .7 .7




A. ApplyanAccessControlModel .7 .7 .7 .7




A.1. Chosen Access Control Model .7 .7 .7




IhavechosentheRole-BasedAccessControl(RBAC)model.TheprinciplesofRBACare:
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




• RoleAssignment:Auserisassignedto arolebasedontheirjobfunction(e.g.,"Finance
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




Analyst").
.7




• PermissionAssignment:Permissionstoperformoperationsonsystemsareassignedtoroles, not
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




to individual users.
.7 .7 .7




• SessionManagement:Auseractivatesaroletogaintheassociatedpermissionsforasession.
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




• LeastPrivilege:Users shouldonlyhavetheminimumlevelofaccessnecessarytoperform their job
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




duties.
.7




The organization's access control structure, as seen in the user matrix, is implicitly role-based (e.g., "Finance
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




manager,""HRcoordinator").ApplyingaformalRBACmodelwouldstreamlinethisbyensuring permissions are
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




strictly tied to business functions, reducing complexity and the potential for user error when assigning
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




permissions.
.7




A.2. Four Misalignments with RBAC Principles . 7 . 7 . 7 . 7




1. Misalignment 1: Privilege Escalation Beyond Role Scope .7 .7 .7 .7 .7 .7




• Description:The"Juniorsystemadmin"(J.Lopez)has"Domainadmin"privileges.A .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




junior role should not have the highest level of access in a Windows environment.
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




• ConflictwithRBAC:Thisviolates theprincipleofleastprivilege.Therole"Juniorsystem .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




admin"impliesasubsetofadministrativeduties,notunrestricteddomain-widecontrol.
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




2. Misalignment 2: Unnecessary Access Across Departments .7 .7 .7 .7 .7




• Description:The "Financeanalyst" (L.Cheng) has "Full access" to the CRM, a system .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7

, primarilyforSalesandSupport. Afinanceroletypicallydoesnotrequire fullmodification rights
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




in a customer relationship system.
.7 .7 .7 .7 .7




• Conflict with RBAC: This violates least privilege and separation of duties. It allows for
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




potential data manipulation outside the user's core business function.
.7 .7 .7 .7 .7 .7 .7 .7 .7




3. Misalignment3:Violation ofUser-RoleAssignment Post-Termination
.7 .7 .7 .7 .7 .7




• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, has an
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




"Active" account status and successfully logged in on 2025-06-29.
.7 .7 .7 .7 .7 .7 .7 .7 .7




• Conflict with RBAC: RBAC requires timely revocation of role assignments upon a change in
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




employment status. An active session for a terminated user completely bypasses the
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




security provided by the role structure.
.7 .7 .7 .7 .7 .7




4. Misalignment4: Overly Broad Privileged Access
.7 .7 .7 .7 .7




• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




systems," and the log shows they made a firewall rule change without a ticket_id.
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




• ConflictwithRBAC:Whilesomeaccessisnecessary,blanket"Fulladmin"access
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




violates least privilege and impedes accountability. It does not segment duties within the IT
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




department itself.
.7 .7