A. Apply an Access Control Model

A.1. Chosen Access Control Model
I have chosen the Role-Based Access Control (RBAC) model. The principles of RBAC are:

• Role Assignment: A user is assigned to a role based on their job function (e.g., "Finance Analyst"), and can exercise a permission only through a role they have been assigned.

• Permission Assignment: Permissions to perform operations on systems are assigned to roles, not to individual users. A grant that appears nowhere in the definition of the user's role is therefore a policy violation, not an exception.

• Session Management: A user activates one or more of their assigned roles in a session to gain the associated permissions; permissions of roles that are not activated (or not assigned) are not available in that session.

• Least Privilege: Each role, and therefore each user holding it, should carry only the minimum level of access necessary to perform the job duties the role represents.
The organization's access control structure, as seen in the user matrix, is implicitly role-based (job titles such as "Finance manager" and "HR coordinator" appear), but permissions are still recorded per user. Applying a formal RBAC model would make the roles explicit and tie permissions strictly to business functions rather than to individuals. This reduces complexity and the potential for error when assigning permissions, and it makes deviations detectable: each user's actual grants can be compared against the definition of their role, which is how the misalignments in A.2 are identified.
A.2. Four Misalignments with RBAC Principles

1. Misalignment 1: Privileges Beyond Role Scope

• Description: The "Junior system admin" (J. Lopez) has "Domain admin" privileges. Membership in Domain Admins gives full control of Active Directory and of every domain-joined machine; a junior role should not hold one of the most powerful privileges in a Windows environment.

• Conflict with RBAC: This violates the principle of least privilege. The role "Junior system admin" implies a bounded subset of administrative duties (for example, password resets or workstation support), not unrestricted domain-wide control. Under RBAC the remedy is to define what the junior role actually needs and grant only that to the role, rather than carving out an exception for the individual.
2. Misalignment 2: Unnecessary Access Across Departments

• Description: The "Finance analyst" (L. Cheng) has "Full access" to the CRM, a system primarily used by Sales and Support. A finance role may need to read customer and billing records, but it does not typically require the right to create, modify or delete them.

• Conflict with RBAC: This violates least privilege and separation of duties. Write access to customer records from a finance role allows data manipulation outside the user's core business function and removes the check that comes from Sales owning the data that Finance reports on. Read-only CRM access scoped to the finance function is the appropriate role permission.
3. Misalignment 3: User-Role Assignment Not Revoked After Termination

• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, still has an "Active" account status and successfully logged in on 2025-06-29, forty days after termination.

• Conflict with RBAC: RBAC requires that the user-role assignment be revoked as soon as employment status changes, so that the user holds no role and therefore no permissions. A terminated user with an active account keeps every permission of the HR assistant role regardless of how well that role is defined, and the successful login shows the credentials were still usable and were in fact used, whether by the former employee or by someone else. The control that failed here is the leaver process that should link HR termination to account disablement.
4. Misalignment 4: Overly Broad Privileged Access

• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal systems," and the log shows a firewall rule change made by this account without a ticket_id.

• Conflict with RBAC: While an IT administrator necessarily needs privileged access, a blanket "Full admin" grant across every system violates least privilege and does not segment duties within the IT department itself (for example, network, directory and application administration as separate roles). The firewall change without a ticket_id compounds this: there is no authorisation record for a privileged action, so the change cannot be tied to an approved business need and accountability is lost.
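The four findings above are exactly what falls out of comparing an access matrix and an activity log against a role definition, which is the check the RBAC principles in A.1 make possible. The following script is an added example for this write-up, not code from the original assignment: the role definitions, the extra control user "R. Patel", and all log fields other than the P. Ellis login date and the missing ticket_id are assumptions constructed so that the sample data reproduces the four misalignments.

```python
"""Audit a user-access matrix and an activity log against an RBAC policy.

Added illustration for this write-up, not code from the original assignment.
The policy, user matrix and log lines are constructed to mirror the four
findings in section A.2: names, systems and dates come from the text, every
other value (role definitions, R. Patel, ticket numbers) is an assumption.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

Permission = Tuple[str, str]  # (system, operation)

# Permission assignment: permissions attach to roles, never to users.
# These role definitions are assumed for the example.
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "Junior system admin": {("Active Directory", "Password reset"),
                            ("Workstations", "Local admin")},
    "Finance analyst":     {("ERP", "Read"), ("ERP", "Write"), ("CRM", "Read")},
    "HR assistant":        {("HRIS", "Read"), ("HRIS", "Write")},
    "IT administrator":    {("Firewall", "Admin"), ("Active Directory", "Password reset"),
                            ("Workstations", "Local admin")},
    "Sales rep":           {("CRM", "Read"), ("CRM", "Write")},
}


@dataclass
class User:
    name: str
    role: str                   # role assignment (one role per user here)
    status: str                 # account status as recorded in the matrix
    terminated: Optional[date]  # termination date, None if still employed
    granted: Set[Permission]    # what the access matrix says the user holds


@dataclass
class Finding:
    user: str
    kind: str
    detail: str


def effective_permissions(user: User, activated: Set[str]) -> Set[Permission]:
    """Session management: only activated roles that the user actually
    holds contribute permissions, and a disabled account gets nothing."""
    if user.status != "Active":
        return set()
    return set().union(*(ROLE_PERMISSIONS[r] for r in activated if r == user.role))


def excess_permissions(user: User) -> Set[Permission]:
    """Least privilege: anything granted beyond the role definition."""
    return user.granted - ROLE_PERMISSIONS.get(user.role, set())


def audit_matrix(users: List[User], today: date) -> List[Finding]:
    """Misalignments 1, 2 and 4 (excess grants) and 3 (terminated but active)."""
    findings: List[Finding] = []
    for u in users:
        for system, op in sorted(excess_permissions(u)):
            findings.append(Finding(u.name, "excess-permission",
                                    f"{u.role} holds {op} on {system}"))
        if u.terminated and u.terminated <= today and u.status == "Active":
            findings.append(Finding(u.name, "active-after-termination",
                                    f"terminated {u.terminated}, account still Active"))
    return findings


def audit_log(users: List[User], log: List[dict]) -> List[Finding]:
    """Logins after termination and privileged changes with no ticket_id."""
    by_name = {u.name: u for u in users}
    findings: List[Finding] = []
    for entry in log:
        u = by_name.get(entry["user"])
        when = date.fromisoformat(entry["date"])
        if entry["event"] == "login" and u and u.terminated and when > u.terminated:
            findings.append(Finding(u.name, "login-after-termination",
                                    f"login on {when}, terminated {u.terminated}"))
        if entry["event"] == "change" and not entry.get("ticket_id"):
            findings.append(Finding(entry["user"], "change-without-ticket",
                                    f"{entry['detail']} has no ticket_id"))
    return findings


# Constructed access matrix mirroring the four findings in A.2.
USERS = [
    User("J. Lopez", "Junior system admin", "Active", None,
         {("Active Directory", "Domain admin")}),
    User("L. Cheng", "Finance analyst", "Active", None,
         {("ERP", "Read"), ("ERP", "Write"), ("CRM", "Full access")}),
    User("P. Ellis", "HR assistant", "Active", date(2025, 5, 20),
         {("HRIS", "Read"), ("HRIS", "Write")}),
    User("T. Miller", "IT administrator", "Active", None,
         {("All internal systems", "Full admin")}),
    User("R. Patel", "Sales rep", "Active", None,          # assumed compliant control case
         {("CRM", "Read"), ("CRM", "Write")}),
]

# Constructed log lines; only the P. Ellis login date and the missing
# ticket_id on the firewall change come from the text.
LOG = [
    {"date": "2025-06-29", "user": "P. Ellis", "event": "login", "detail": "HRIS"},
    {"date": "2025-06-30", "user": "T. Miller", "event": "change",
     "detail": "firewall rule change", "ticket_id": ""},
    {"date": "2025-06-30", "user": "R. Patel", "event": "change",
     "detail": "CRM export", "ticket_id": "CHG-1042"},
]


def run_audit(today: date = date(2025, 7, 1)) -> List[Finding]:
    return audit_matrix(USERS, today) + audit_log(USERS, LOG)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f.user:10} {f.kind:26} {f.detail}")
```

Run against the constructed data the audit reports six findings: one excess grant each for J. Lopez, L. Cheng and T. Miller, both the active account and the later login for P. Ellis, and the unticketed firewall change for T. Miller, while the compliant control user produces nothing. The point of `excess_permissions` is that the comparison is against the role, not against a per-user list, so correcting a misalignment means changing the role definition or the role assignment, never adding a one-off grant.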
This study source was downloaded by 1524368 from cliffsnotes.com on 12-24-2025 11:53:06 GMT -06:00
https://www.cliffsnotes.com//study-notes/29344346