Which access control type has a central authority that determines which objects the subjects have access to, based on role or on the organizational security policy?
Suggested Answer: C
Non Discretionary Access Control includes Role Based Access Control (RBAC) and Rule Based Access Control (RBAC or RuBAC). RBAC being a subset of NDAC, it was easy to eliminate RBAC as it was covered under NDAC already. Some people think that RBAC is synonymous with NDAC, but RuBAC would also fall into this category.
Discretionary Access Control is for environments with a very low level of security. There is no control on the dissemination of the information. A user who has access to a file can copy the file or further share it with other users.
Rule Based Access Control is when you have ONE set of rules applied uniformly to all users. A good example would be a firewall at the edge of your network. A single rule base is applied against any packets received from the internet.
Mandatory Access Control is a very rigid type of access control. The subject must dominate the object and the subject must have a Need To Know to access the information. Objects have labels that indicate the sensitivity (classification) and there are also categories to enforce the Need To Know (NTK).
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
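
The three centrally administered decisions described in the explanation above, side by side, as an added example that is not part of the original explanation or the cited book. The level names, roles, users and firewall rules are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sensitivity ordering (assumption: the page names no levels).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()  # need-to-know compartments

def mac_allows(subject: Label, obj: Label) -> bool:
    """MAC: the subject's clearance must dominate the object's
    classification AND the subject must hold every need-to-know
    category carried by the object."""
    level_ok = LEVELS[subject.level] >= LEVELS[obj.level]
    ntk_ok = obj.categories <= subject.categories
    return level_ok and ntk_ok

# RBAC: an administrator maintains role -> permission and user -> role
# tables; users cannot grant access themselves (constructed data).
ROLE_PERMS = {
    "auditor": {("ledger", "read")},
    "clerk": {("ledger", "read"), ("ledger", "write")},
}
USER_ROLES = {"alice": {"auditor"}, "bob": {"clerk"}}

def rbac_allows(user: str, resource: str, action: str) -> bool:
    """RBAC: access follows from the roles assigned to the user."""
    roles = USER_ROLES.get(user, set())
    return any((resource, action) in ROLE_PERMS.get(r, set()) for r in roles)

# RuBAC: ONE rule base applied uniformly to everything, as on an edge
# firewall. First match wins; anything unmatched is denied (constructed).
RULES = [("tcp", 443, "allow"), ("tcp", 22, "deny")]

def rubac_allows(proto: str, port: int) -> bool:
    """Rule-based: the verdict depends on the rule base alone, not on
    who the sender is."""
    for rule_proto, rule_port, verdict in RULES:
        if (rule_proto, rule_port) == (proto, port):
            return verdict == "allow"
    return False
```

A TOP SECRET subject without the object's category is still refused by `mac_allows`, which is the Need To Know part of the rule.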
The access control type that involves a central authority determining access based on roles or an organizational security policy is:
A. Mandatory Access Control (MAC)
Mandatory Access Control (MAC) is a type of access control where a central authority (often the operating system or security administrator) determines access rights based on security labels and policies. These security labels are assigned to both subjects (users or processes) and objects (files, resources), and they define the sensitivity levels or classifications.
In MAC, access decisions are not left to the discretion of individual users or object owners. Instead, access is strictly controlled based on predefined security labels, which often correspond to roles, security clearances, or sensitivity levels. This aligns with the concept of a central authority dictating access based on organizational security policies or roles.
Both MAC and NDAC involve central authority control, but they differ in the way access decisions are made. In MAC, access is determined by labels (e.g., security clearances) associated with subjects and objects, whereas in NDAC (or RBAC), access is often based on roles or organizational security policies. I appreciate the clarification.
upvoted 1 times