A type of access control that supports the management of access rights
for groups of subjects is:

A.
Discretionary

B.
Rule-based

C.
Role-based

D.
Mandatory

Explanation:
Role-based access control assigns identical privileges to groups of
users. This approach simplifies the management of access rights,
particularly when members of the group change. Thus, access rights are

assigned to a role, not to an individual. Individuals are entered as
members of specific groups and are assigned the access privileges of that
group.
In answer Discretionary, the access rights to an object are assigned by the
owner at the owner’s discretion. For large numbers of people whose
duties and participation may change frequently, this type of access
control can become unwieldy. Mandatory access control, answer c, uses
security labels or classifications assigned to data items and clearances
assigned to users. A user has access rights to data items with a
classification equal to or less than the user’s clearance. Another
restriction is that the user has to have a need-to-know the information;
this requirement is identical to the principle of least privilege.
Answer ‘rule-based access control’ assigns access rights based on stated rules. An
example of a rule is Access to trade-secret data is restricted to corporate
officers, the data owner and the legal department.