PrepAway - Latest Free Exam Questions & Answers

In which of the following can a user access resources according to his role in the organization?

In which of the following can a user access resources according to his role in the organization?

PrepAway - Latest Free Exam Questions & Answers

A.
Discretionary access control

B.
Network-based access control

C.
Role-based access control

D.
Mandatory Access Control

Explanation:
Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data. Therefore, he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources. This situation can also be handled using the RBAC model.

Answer option A is incorrect. Discretionary access control (DAC) is an access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.

Two important concepts in DAC are as follows:
File and data ownership: Every object in the system has an owner. In most DAC systems, each object’s initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.
Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.

Access controls may be discretionary in ACL-based or capability-based access control systems.

Note: In capability-based systems, there is no explicit concept of owner, but the creator of an object has a similar degree of control over its access policy.

Answer option D is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as “secret”, he cannot grant permission to other users to see this object unless they have the appropriate permission.

Answer option B is incorrect. There in no such access control as Network-based access control (NBAC).


Leave a Reply