New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GSEC Exam - Topic 8 Question 36 Discussion

Actual exam question for GIAC's GSEC exam
Question #: 36
Topic #: 8
[All GSEC Questions]

Jonny Is an IT Project Manager. He cannot access the folder called "IT Projects" but can access a folder called "Sales Data" even though he's not on the sales team. Which information security principle has failed?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Belen at Dec 08, 2023, 05:53 AM

Limited Time Offer

25%

Off

Get Premium GSEC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Flo
3 months ago
Not sure, but shouldn't he have access to both?
upvoted 0 times
...
Rozella
3 months ago
Yeah, it's clearly an authorization issue.
upvoted 0 times
...
Stevie
3 months ago
Surprised he can access Sales Data at all!
upvoted 0 times
...
Paola
4 months ago
I think it's more about authentication, right?
upvoted 0 times
...
Alfreda
4 months ago
Definitely authorization failure here.
upvoted 0 times
...
Abel
4 months ago
I keep mixing up identification and authorization. But in this case, it feels like authorization has failed since he accessed something he shouldn't.
upvoted 0 times
...
Paris
4 months ago
This seems similar to a practice question we did on access controls. I feel like it's definitely about authorization.
upvoted 0 times
...
Ora
4 months ago
I'm not entirely sure, but I remember something about authentication being related to who you are, not what you can access.
upvoted 0 times
...
Elinore
5 months ago
I think this is about authorization since Jonny shouldn't access the Sales Data folder.
upvoted 0 times
...
Ashanti
5 months ago
I'm pretty confident this is a question about authorization. Jonny is able to access a folder he's not supposed to, so the authorization principles have been violated. I'll select option B.
upvoted 0 times
...
Elroy
5 months ago
Okay, I think I've got it. The issue here is that Jonny can access a folder he shouldn't be able to, which means the authorization controls have failed. The correct answer is B, Authorization.
upvoted 0 times
...
Willetta
5 months ago
Hmm, I'm a bit confused. Is this about Jonny not being able to access the "IT Projects" folder, or about him being able to access the "Sales Data" folder? I need to re-read the question carefully.
upvoted 0 times
...
Lindsey
5 months ago
This seems like a straightforward authorization question. I'll focus on understanding the difference between authentication, authorization, identification, and accountability.
upvoted 0 times
...
Hillary
5 months ago
The Geolocation field type seems like the obvious choice to me. It's designed specifically for capturing coordinate data, which is exactly what the question is asking for.
upvoted 0 times
...
Tequila
5 months ago
Okay, let's see. The Cisco ISE server is involved, so I'm guessing the options will be related to how it interacts with the identity store, either internal or external. I'll need to think through each option carefully.
upvoted 0 times
...

Save Cancel