Exam CAS-004 topic 1 question 493 discussion

B. Controlling access to data based on the role of users: This approach involves Role-Based Access Control (RBAC), where access is granted based on the user’s role. In this case, the user’s subscription tier would be tied to their role, which can limit the data they are allowed to access. For example, if a user is subscribed to a basic tier, they will only be able to access data available to that tier. This is a straightforward and effective way to ensure that only authorized users can access the data that is specific to their subscription level. C. Employing attribute-based access control: Attribute-Based Access Control (ABAC) involves granting access based on specific attributes, such as user characteristics (e.g., subscription tier) and the attributes of the data (e.g., the data's classification or level of access). This allows for more fine-grained control compared to RBAC, as it can evaluate both the user's attributes (tier, subscription type, etc.) and the data’s attributes (data sensitivity, type, or tier) to make access decisions.

To ensure subscribers are only granted access to data associated with their subscription tier, the best approaches would be: B. Controlling access to data based on the role of users. C. Employing attribute-based access control. Both approaches focus on managing access based on defined roles or attributes, ensuring that users can only access data relevant to their specific subscription level. This helps in maintaining data segregation according to subscription tiers effectively.

Another confusing Comptia question. Are they asking for 2 different approached or two different options, when combined, give the right approach? BE seems correct but talking through it with ChatGPT, it assumes that the question wants 2 separate approaches- BC

Why not C?

should be BE

Based on the requirement to ensure subscribers are only granted access to data associated with their subscription tier, the two best approaches would be: • B. Controlling access to data based on the role of users. This approach involves defining access permissions based on the roles or subscriptions of users. Each tier of subscription would correspond to a specific role or access level, ensuring that users can only access data appropriate for their subscription tier. • E. Establishing a classification and labeling scheme. By implementing a classification and labeling scheme, the data can be categorized based on sensitivity or subscription tier. Access controls can then be applied based on these classifications, ensuring that subscribers can only access data that corresponds to their subscription level.