After reviewing its business processes, a large organization is deploying a new web application based on a
VoIP technology. Which of the following is the MOST appropriate approach for implementing access control
that will facilitate security management of the VoIP web application?

A.
Fine-grained access control

B.
Role-based access control (RBAC)

C.
Access control lists

D.
Network/service access control

Explanation:
Authorization in this VoIP case can best be addressed by role-based access control (RBAC) technology. RBAC
is easy to manage and can enforce strong and efficient access controls in large-scale web environments
including VoIP implementation. Access control lists and fine-grained access control on VoIP web applicationsdo not scale to enterprise wide systems, because they are primarily based on individual user identities and their
specific technical privileges. Network/service addresses VoIP availability but does not address application-level
access or authorization.