In a discretionary mode, which of the following entities is authorized to grant information access to
other people?

A.
Manager

B.
Group leader

C.
Security manager

D.
User

Explanation:
Discretionary control is the most common type of access control mechanism implemented in
computer systems today. The basis of this kind of security is that an individual user, or program
operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or
programs executing on their behalf) may have to information under the user’s control. Discretionary
security differs from mandatory security in that it implements the access control decisions of the
user. Mandatory controls are driven by the results of a comparison between the user’s trust level or
clearance and the sensitivity designation of the information.