Which of the following correctly describe role-based access control?

A. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.
B. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure.
C. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.
D. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.

Explanation:
Role-based access control (RBAC) is an alternative to traditional discretionary (DAC)
and mandatory access control (MAC) policies. The principal motivation behind RBAC is
the desire to specify and enforce enterprise-specific security policies in a way that
maps naturally to an organization’s structure. Traditionally, managing security has
required mapping an organization’s security policy to a relatively low-level set of
controls, typically access control lists.

Vague question and vague answers.
Here is what NIST says about Role Based AC:
“A key feature of this model is that all access is through roles. A role is essentially a collection of permissions, and all users receive permissions only through the roles to which they are assigned, or through roles they inherit through the role hierarchy. Within an organization, roles are relatively stable, while users and permissions are both numerous and may change rapidly. Controlling all access through roles therefore simplifies the management and review of access controls.”
http://csrc.nist.gov/groups/SNS/rbac/faq.html