Exam CAS-005 topic 1 question 46 discussion

❌ Why the other options are less effective: A. Create a firewall rule to prevent those users from accessing sensitive data Overly broad — may block legitimate access and doesn’t stop exfiltration if access is already granted. C. Enable packet captures Good for investigation, but not mitigation — this is reactive, not preventive. D. Disable login activity for those users after business hours Might help reduce attack surface, but attackers can still operate within business hours or use compromised credentials at those times.

❌ Why the others are incorrect: A. IP-based rules Only restrict where users connect from, not who they are or what data they're authorized to access. C. Attributes and sharing This sounds more like attribute-based access control (ABAC), and sharing by users doesn't align with the strict controls described. D. Role-based access control (RBAC) Assigns access based on job functions, but does not account for classification levels and need-to-know, which are crucial in this scenario.

✅ B. Assign labels to the files and require formal access authorization. 🔐 Explanation: The scenario clearly describes a mandatory access control (MAC) environment where: Personnel must have security clearances matching the sensitivity of the data. Need-to-know access must be verified by a data owner. Access is based on formal authorization, not just technical capabilities. In a MAC system, files are labeled with classifications (e.g., Confidential, Secret), and users must have: A matching security clearance, and An explicit need-to-know, usually granted by a data custodian or owner.