A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST
describes this level of access control?

A.
Implicit deny

B.
Role-based Access Control

C.
Mandatory Access Controls

D.
Least privilege

Explanation:
Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know
is a security restriction where some objects are restricted unless the subject has a need to know them.
Incorrect Answers:

A: Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default.
B: Basically, Role-based Access Control is based on a user’s job description. It does not include the use of need to know.
D: Least privilege states that users should only be granted the minimum necessary access, permissions, and privileges that are required for them to accomplish
their work tasks. It does not include the use of need to know.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 278- 284.