What security model implies a central authority that determines what subjects can have access to
what objects?

A.
Centralized access control

B.
Discretionary access control

C.
Mandatory access control

D.
Non-discretionary access control

Explanation:

A role-based access control (RBAC) model, also called nondiscretionary access control, uses a
centrally administrated set of controls to determine how subjects and objects interact. – Shon
Harris, “CISSP All-in-One Exam Guide”, 3rd Ed, p 165.