A company has recently won a classified government contract involving both confidential and restricted information. To ensure proper authorization for
authenticated users and restrict unauthorized users from accessing information above their clearance, the company should establish:
A.
discretionary access control.
B.
mandatory access control.
C.
rule-based access control.
D.
role-based access control.
why its not Role-based?
0
0
Really why not Role-based? Who know this 523 questions valid or not? On real exam this question include or not?
0
0
The answer is Mandatory Access Control (MAC) because the keywords used in the question are “government” and “clearance”. Government clearances is an example of Mandatory Access Control (assigning sensitivity to the information and assigning authorization to the subjects/people). In the question, the sensitivity of the data is “confidential and restricted”. The authorization assigned to subjects/people is their “clearance”. Also, remember in MAC, a label is attached to *every* subject (person) and object (data). For role based access control, the user is assigned a set of roles, and roles are in turned assigned access permissions. The objects/data is not required to have a label such as “confidential” or “restricted”. I guess to make it more clear, the question could be restated to emphasis the labeling on the data and people.
0
0
http://www.professormesser.com/security-plus/sy0-401/authorization-and-access-control-2/
0
0