Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

A.
Attributes based

B.
Implicit deny

C.
Role based

D.
Rule based

Explanation:
Attribute-based access control allows access rights to be granted to users via policies, which combine attributes together. The policies can make use of any type of
attributes, which includes user attributes, resource attributes and environment attributes.
Incorrect Answers:

B: Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default. An access control policy is not required
for Implicit deny.
C: Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to
objects is granted based on the required tasks of that role. The question states that the access control policy should not be based on job function.
D: Rule-based access control is used for network devices, such as firewalls and routers, which filter traffic based on filtering rules. The question states that the
access control policy should based on individual user characteristics, not devices.

http://en.wikipedia.org/wiki/Attribute-based_access_control Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 280, 284.