Question 36 2.5 pts What is the main risk in allowing a regular user to run chown to change ownership of her file to any other user? She could leverage it to change ownership of the /etc/shadow Me and steal password hashes and salts. She could frame another user by making him the owner of a malicious program, She could fool the HIDS into thinking that her activity is that of another user She could create a SetUID root shell program and use it with full root access Question 37 2.5 pt Why does Role-Based Access Control make it easier to implement the principle of least privilege? Roles are assigned to users dynamically during a login session enabling more complete access checks. It dynamically removes privileges from users when they are not needed. It prevents accesses to roles with lower positions in the role hierarchy. Each role contains the minimum set of privileges needed to perform in that role