The company’s sales team plans to work late to provide the Chief Executive Officer (CEO) with a special
report of sales before the quarter ends. After working for several hours, the team finds they cannot save
or print the reports.
Which of the following controls is preventing them from completing their work?
A.
Discretionary access control
B.
Role-based access control
C.
Time of Day access control
D.
Mandatory access control
Explanation:
Time of day restrictions limit when users can access specific systems based on the time of day or week. It
can limit access to sensitive environments to normal business hours when oversight and monitoring can
be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving
or printing reports after a certain time.
Incorrect Answers:
A: Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based
on user identity and on the discretion of the object owner. Since the sales team had access, and the
restriction only kicked in after several hours, DAC cannot be responsible.
B: Role-based Access Control is basically based on a user’s job description. When a user is assigned a
specific role in an environment, that user’s access to objects is granted based on the required tasks ofthat role. Since the sales team needs to save and print reports, they would not be restricted if restrictions
were role-based.
D: Mandatory Access Control allows access to be granted or restricted based on the rules of classification.
Since they had access earlier, they clearly had the necessary classification.Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284