Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category
of access control?
A.
Discretionary Access Control (DAC)
B.
Mandatory Access control (MAC)
C.
Non-Discretionary Access Control (NDAC)
D.
Lattice-based Access control
Explanation:
Rule-based access control is considered nondiscretionary because the users cannot make access decisions
based upon their own discretion.
Incorrect Answers:
A: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and
resources they own.
B: Mandatory Access control is considered nondiscretionary and is based on a security label system
D: Lattice-based Access control is known as a label-based access control, or rule-based access control
restriction.Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228
https://en.wikipedia.org/wiki/Lattice-based_access_control