PrepAway - Latest Free Exam Questions & Answers

In an organization where there are frequent personnel c…

In an organization where there are frequent personnel changes, non-discretionary access control using Role
Based Access Control (RBAC) is useful because:

PrepAway - Latest Free Exam Questions & Answers

A.
people need not use discretion

B.
the access controls are based on the individual’s role or title within the organization.

C.
the access controls are not based on the individual’s role or title within the organization

D.
the access controls are often based on the individual’s role or title within the organization

Explanation:
With Non-Discretionary Access Control, a central authority determines what subjects can have access to
certain objects based on the organizational security policy. The access controls may be based on the
individual’s role in the organization (role-based access control) or the subject’s responsibilities and duties (taskbased access control). In an organization where there are frequent personnel changes, non-discretionary
access control is useful because the access controls are based on the individual’s role or title within the
organization. These access controls do not need to be changed whenever a new person takes over that role.
Incorrect Answers:
A: People not needing to use discretion is not the reason RBAC is useful in an organization where there are
frequent personnel changes.
C: With RBAC, the access controls ARE based on the individual’s role or title within the organization.
D: With RBAC, the access controls are ALWAYS based on the individual’s role or title within the organization.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 48
http://csrc.nist.gov/groups/SNS/rbac/


Leave a Reply