In a discretionary mode, which of the following entities is authorized to grant information access to
other people?
A.
Manager
B.
Group leader
C.
Security manager
D.
User
Explanation:
Discretionary control is the most common type of access control mechanism
implemented in computer systems today. The basis of this kind of security is that an individual
user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access
other users (or programs executing on their behalf) may have to information under the user’s
control. Discretionary security differs from mandatory security in that it implements the access
control decisions of the user. Mandatory controls are driven by the results of a comparison
between the user’s trust level or clearance and the sensitivity designation of the information.