In Mandatory Access Control, sensitivity labels attached to objects contain what information?

A.
The item’s classification

B.
The item’s classification and category set

C.
The item’s category

D.
The items’ need to know

Explanation:
Mandatory Access Control begins with security labels assigned to all resource objects on the system. These
security labels contain two pieces of information – a classification (top secret, confidential etc.) and a category
(which is essentially an indication of the management level, department or project to which the object is
available).
Similarly, each user account on the system also has classification and category properties from the same set of
properties applied to the resource objects. When a user attempts to access a resource under MandatoryAccess Control the operating system checks the user’s classification and categories and compares them to the
properties of the object’s security label. If the user’s credentials match the MAC security label properties of the
object access is allowed. It is important to note that both the classification and categories must match. A user
with top secret classification, for example, cannot access a resource if they are not also a member of one of the
required categories for that object.
Incorrect Answers:
A: In Mandatory Access Control, the sensitivity labels attached to objects contain a category set as well as the
item’s classification.
C: In Mandatory Access Control, the sensitivity labels attached to objects contain the item’s classification as
well as a category.
D: An item’s need to know is not something that is included in the sensitivity label. The categories portion of the
label is used to enforce need-to-know rules.

http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control