ISC Exam Questions

With MAC, who may NOT make decisions that derive from policy?

A. All users except the administrator.

B. The administrator.

C. The power users.

D. The guests.

Explanation:
As the name implies, Mandatory Access Control (MAC) defines an imposed access control
level. MAC is defined as follows in the Handbook of Information Security Management:
With mandatory controls, only administrators and not owners of resources may make
decisions that bear on or derive from policy. Only an administrator may change the
category of a resource, and no one may grant a right of access that is explicitly
forbidden in the access control policy.