In which of the following access control models can a user not grant permissions to other users to
see a copy of an object marked as secret that he has received, unless they have the appropriate
permissions?

A.
Discretionary Access Control (DAC)

B.
Role Based Access Control (RBAC)

C.
Mandatory Access Control (MAC)

D.
Access Control List (ACL)

Explanation:
Mandatory Access Control (MAC) is a model that uses a predefined set of access
privileges for an object of the system. Access to an object is
restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity
of an object is defined by the label
assigned to it. For example, if a user receives a copy of an object that is marked as “secret”, he
cannot grant permission to other users to see
this object unless they have the appropriate permission.
Answer option B is incorrect. Role-based access control (RBAC) is an access control model. In this
model, a user can access resources
according to his role in the organization. For example, a backup administrator is responsible for
taking backups of important data. Therefore,
he is only authorized to access this data for backing it up. However, sometimes users with different
roles need to access the same resources.
This situation can also be handled using the RBAC model.
Answer option A is incorrect. The Discretionary access control (DAC) model has an access policy
determined by the owner of an object. The
owner decides who is allowed to access the object and what privileges they have.
Answer option D is incorrect. An access control list (ACL) model has a list of permissions attached to
an object. The list specifies who or what is
allowed to access the object and what operations are allowed to be performed on the object.