What is called a type of access control where a central authority determines what subjects can have
access to certain objects, based on the organizational security policy?
A.
Mandatory Access Control
B.
Discretionary Access Control
C.
Non-discretionary Access Control
D.
Rule-based access control
Explanation:
Non-Discretionary Access Control. A central authority determines what subjects can have access to
certain objects based on organizational security policy. The access controls may be based on the
individual’s role in the organization (role-based) or the subject’s responsibilities and duties (taskbased).
Pg. 33 Krutz: The CISSP Prep Guide.