Question

A systems developer needs to provide machine-to-machine interface between an application and a database server in the production environment. This interface will exchange data once per day. Which of the following access control account practices would BEST be used in this situation?

A.Establish a privileged interface group and apply read -write permission.to the members of that group.

B.Submit a request for account privilege escalation when the data needs to be transferred

C.Install the application and database on the same server and add the interface to the local administrator group.

D.Use a service account and prohibit users from accessing this account for development work

Answer 1

Regarding the above requirement where the application and database server in the production environment will need to exchange the data once per day, the following access control account practices would be used in this situation:
D.Use a service account and prohibit users from accessing this account for development work.

The service account can be used here to explicitly provide a security context for services. Thus, the service can also access the local and the other resources, prohibiting the other users from accessing the account for the development work. Submitting an Adhoc request daily is not an option as this is needed daily. Also, the servers can be different and cannot be installed in one place. Also, we cannot apply the read-write permission to the members of that group.