With MAC, who may make decisions that bear on policy?
A.
None of the choices.
B.
All users.
C.
Only the administrator.
D.
All users except guests.
Explanation:
As the name implies, the Mandatory Access Control defines an imposed access control
level. MAC is defined as follows in the Handbook of Information Security Management:
With mandatory controls, only administrators and not owners of resources may make
decisions that bear on or derive from policy. Only an administrator may change the
category of a resource, and no one may grant a right of access that is explicitly
forbidden in the access control policy.