WGU C845 VUN1 Task 1,2,& 3| Passed on First Attempt |Latest Update with Complete Solution

WGUC845VUN1Task1,2&3|Passed on
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




,.5 First Attempt |Latest Update with
,.5 ,.5 ,.5 ,.5




,.5 Complete Solution. ,.5




THISEXAMCONTAINS:
,.5 ,.5




➢ WGU C845 VUN1 Task 1 ,2& 3
,.5 ,.5 ,.5 ,.5 ,.5 ,.5




➢ Latest Update with Complete Solution
,.5 ,.5 ,.5 ,.5




➢ WGU C845 VUN1 ,.5 ,.5




➢ Guaranteed Pass ,.5

, WGU C845 VUN1 Task 1 | Passed on FirstAttempt ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




|LatestUpdatewithCompleteSolution
,.5 ,.5 ,.5 ,.5 ,.5




VUN1 — VUN1 Task 1:Managing SecurityOperations and AccessControls
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




Information Systems Security - C845
,.5 ,.5 ,.5 ,.5 ,.5




A. ApplyanAccessControlModel ,.5 ,.5 ,.5 ,.5




A.1. Chosen Access Control Model ,. 5 ,.5 ,.5




I have chosen the Role-Based Access Control (RBAC) model. The principles of RBAC are:
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




• RoleAssignment: Auser isassigned to a role based on their jobfunction (e.g., "Finance
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




Analyst").
,.5




• Permission Assignment:Permissions to perform operations onsystemsare assigned to roles,
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




not to individual users.
,.5 ,.5 ,.5 ,.5




• Session Management: A user activates a role to gain the associated permissions for a session.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




• Least Privilege: Users shouldonly have the minimum level of access necessary to perform their job
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




duties.
,.5




The organization's access control structure, as seen in the user matrix, is implicitly role-based (e.g.,
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




"Financemanager," "HR coordinator"). Applyinga formal RBACmodel would streamline this byensuring
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




permissions are strictly tied to business functions, reducing complexity and the potential for user error
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




when assigning permissions.
,.5 ,.5 ,.5




A.2. Four Misalignments with RBAC Principles , . 5 , . 5 , . 5 , . 5




1. Misalignment 1: Privilege Escalation Beyond Role Scope ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




• Description:The "Juniorsystem admin" (J.Lopez)has"Domain admin" privileges.A ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




junior role should not have the highest level of access in a Windows environment.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




• Conflictwith RBAC:This violates the principle of least privilege. The role "Junior system ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




admin"implies asubset ofadministrative duties, not unrestricted domain-wide control.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




2. Misalignment 2: Unnecessary Access Across Departments ,.5 ,.5 ,.5 ,.5 ,.5




• Description:The "Finance analyst" (L. Cheng) has "Fullaccess" to the CRM, a system ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5

, primarily for Sales and Support. A finance role typically does not require full modification
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




rights in a customer relationship system.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5




• Conflict with RBAC: This violates least privilege and separation of duties. It allows for
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




potential data manipulation outside the user's core business function.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




3. Misalignment 3: Violation of User-Role Assignment Post-Termination
,.5 ,.5 ,. 5 ,.5 ,.5 ,.5




• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, has an
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




"Active" account status and successfully logged in on 2025-06-29.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




• Conflict with RBAC: RBAC requires timely revocation of role assignments upon a change in
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




employment status. An active session for a terminated user completely bypasses the
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




security provided by the role structure.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5




4. Misalignment 4: Overly Broad Privileged Access
,.5 ,.5 ,.5 ,.5 ,.5




• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




systems," and the log shows they made a firewall rule change without a ticket_id.
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




• Conflictwith RBAC: While some access is necessary, blanket "Full admin" access
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




violates least privilege and impedes accountability. It does not segment duties within the IT
,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5 ,.5




department itself.
,.5 ,.5