CompTIA Exam Questions

An administrator implements SELinux on a production web server. After implementing this, the web
server no longer serves up files from users’ home directories. To rectify this, the administrator creates a
new policy as the root user. This is an example of which of the following? (Select TWO).

A. Enforcing SELinux in the OS kernel is role-based access control

B. Enforcing SELinux in the OS kernel is rule-based access control

C. The policy added by the root user is mandatory access control

D. Enforcing SELinux in the OS kernel is mandatory access control

E. The policy added by the root user is role-based access control

F. The policy added by the root user is rule-based access control

Explanation:
Enforcing SELinux in the OS kernel is mandatory access control. SELinux is Security-Enhanced Linux, which
is a locked-down version of the OS kernel.
Mandatory Access Control (MAC) is a relatively inflexible method for how information access is permitted.
In a MAC environment, all access capabilities are predefined. Users can’t share information unless their
rights to share it are established by administrators. Consequently, administrators must make any changes
that need to be made to such rights. This process enforces a rigid model of security. However, it is also
considered the most secure security model.
The policy added by the root user is rule-based access control. The administrator has defined a policy that
states that users' folders should be served by the web server.
Rule-Based Access Control (RBAC) uses the settings in preconfigured security policies to make all
decisions.

Incorrect Answers:
A: Role-Based Access Control (RBAC) models approach the problem of access control based on
established roles in an organization. Enforcing SELinux on a server is locking down the server for
everyone. This does not vary according to job role. Therefore, this answer is incorrect.
B: Rule-Based Access Control (RBAC) uses the settings in preconfigured security policies to make all
decisions. Enforcing SELinux on a server is locking down the server for everyone. With SELinux, all access
capabilities are predefined (in this case, restricted). This is an example of Mandatory Access Control.
Therefore, this answer is incorrect.
C: The policy added by the root user is not mandatory access control. A policy added by the root user is
an example of rule-based access control. Therefore, this answer is incorrect.
E: Rule-Based Access Control is based on policies. Role-Based Access Control is based on roles. In this
question, the root user implemented a policy so this is an example of Rule-Based Access Control, not
Role-Based Access Control. Therefore, this answer is incorrect.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 151-152