Which of the following allows a network administrator to implement an access control policy based on
individual user characteristics and NOT on job function?

A.
Attributes based

B.
Implicit deny

C.
Role based

D.
Rule based

Explanation:
Attribute-based access control allows access rights to be granted to users via policies, which combine
attributes together. The policies can make use of any type of attributes, which includes user attributes,
resource attributes and environment attributes.
Incorrect Answers:
B: Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied
access by default. An access control policy is not required for Implicit deny.
C: Role-based Access Control is basically based on a user’s job description. When a user is assigned a
specific role in an environment, that user’s access to objects is granted based on the required tasks of
that role. The question states that the access control policy should not be based on job function.
D: Rule-based access control is used for network devices, such as firewalls and routers, which filter traffic
based on filtering rules. The question states that the access control policy should based on individual user
characteristics, not devices.

http://en.wikipedia.org/wiki/Attribute-based_access_control
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 280, 284