Access control techniques do not include which of the following choices?

A.
Relevant Access Controls

B.
Discretionary Access Controls

C.
Mandatory Access Controls

D.
Lattice Based Access Controls

Explanation:
“Mandatory Access Control. The authorization of a subject’s access to an object
depends upon labels, which indicate the subject’s clearance, and the classification or sensitivity of
the object.”
“Rule-based access control is a type of mandatory access control because rules determine this
access, rather than the identity of the subjects and objects alone.”
“Discretionary Access Control. The subject has authority, within certain limitations, to specify what
objects are accessible.”
“When a user with certain limitations has the right to alter the access control to certain objects, this
is termed as user-directed discretionary access control.”
“An identity-based access control is a type of a discretionary access control based on an

individual’s identity.”
“In some instances, a hybrid approach is used, which combines the features of user-based and
identity-based discretionary access control.”
“Non-discretionary Access Control. A Central authority determines what subjects can have access
to certain objects based on the organizational security policy.”
“The access controls might be based on the individuals role in the organization (role-based) or the
subject’s responsibilities and duties (task-based).”
“[Lattice-based] In this type of control, a lattice model is applied.
“Access control can be characterized as context-dependent or content dependent.”
Pg. 45-46 Krutz: The CISSP Prep Guide: Gold Edition