Question

A systems developer needs to provide machine-to-machine interface between an application and a database server in the production environment. This interface will exchange data once per day. Which of the following access control account practices would BEST be used in this situation?

A.Establish a privileged interface group and apply read -write permission.to the members of that group.

B.Submit a request for account privilege escalation when the data needs to be transferred

C.Install the application and database on the same server and add the interface to the local administrator group.

D.Use a service account and prohibit users from accessing this account for development work

Answer 1

Answer)
Regarding the above requirement where the application and database server in the production environment will need to exchange the data once per day, the following access control account practices would be used in this situation:
D.Use a service account and prohibit users from accessing this account for development work

The service account can be used here to explicitly provide a security context for services and thus the service can also access the local and the other resources and also prohibiting the other users to access the account for the development work. Submitting an adhoc request daily is not an option as this is needed daily. Also, the servers can be different and cannot be installed in one place. Also, we cannot apply the read-write permission to the members of that group.

**Please Hit Like if you appreciate my answer. For further doubts on the question or answer please drop a comment, I'll be happy to help. Thanks for posting.**