After recent reports of undesired access to workstations after hours, Sakis has been asked to find a way to ensure that maintenance staff cannot log into workstations in business offices. The maintenance staff members do have systems in their break rooms and their offices for the organization, which they still need access to. What should Sakis do to meet this need?
Answer Options
Require multifactor authentication and allow only office staff to have multifactor tokens.
Use rule-based access control to prevent logins after hours in the business area.
Use role-based access control by setting up a group that contains all maintenance staff and then give that group rights to log into only the designated workstations.
Use geofencing to only allow logins in maintenance areas.
Correct Answer: C
Explanation
The most efficient use of Sakis's time would be to create a group that is populated with all maintenance staff and then to give that group login rights only to the designated PCs. While time-based constraints might help, in this case, it would continue to allow maintenance staff to log in to PCs that are not intended for use during business hours, leaving a gap in the control. Multifactor authentication, as described, does not meet the requirements of the scenario but may be a good idea overall for greater security for authentication across the organization. Geofencing is typically not accurate enough to rely on inside buildings for specific PCs.