A security administrator wants to implement a company-wide policy to empower data owners to
manage and enforce access control rules on various resources. Which of the following should be
implemented?
A.
Mandatory access control
B.
Discretionary access control
C.
Role based access control
D.
Rule-based access control
B.
0
0
In a Discretionary Access Control (DAC) model, network users have some fl exibility regarding how information is accessed. This model allows users to share information dynamically with other users. Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.
Role-Based Access Control (RBAC) models approach the problem of access control based on
established roles in an organization.
This question did not specify the key term “role”. In fact, the policy empowers data owners to manage and enforce access control rules on various resources. It is definitely “B”.
0
0