The IT department has setup a share point site to be used on the intranet. Security has
established the groups and permissions on the site. No one may modify the permissions and all

requests for access are centrally managed by the security team. This is an example of which of
the following control types?

A.
Rule based access control

B.
Mandatory access control

C.
User assigned privilege

D.
Discretionary access control

Explanation:
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner
based on user identity and on the discretion of the object owner.