CAP Question #142: Real Exam Question with Answer & Explanation

The correct answer is D. It is a list containing user accounts, groups, and computers that are allowed (or denied). A Discretionary Access Control List (DACL) is the component of an object's security descriptor that grants or denies specific users, groups, and computers access to that object. Option A describes a generic Access Control List (ACL) containing Access Control Entries (ACEs) - whil

Selection and Approval of Framework, Security, and Privacy Controls

Question

Which of the following statements about Discretionary Access Control List (DACL) is true?

Options

AIt is a rule list containing access control entries.
BIt specifies whether an audit activity should be performed when an object attempts to access
CIt is a unique number that identifies a user, group,and computer account.
DIt is a list containing user accounts, groups, and computers that are allowed (or denied)

Explanation

A Discretionary Access Control List (DACL) is the component of an object's security descriptor that grants or denies specific users, groups, and computers access to that object. Option A describes a generic Access Control List (ACL) containing Access Control Entries (ACEs) - while a DACL does contain ACEs, the answer that most accurately and completely defines a DACL is D. Option B describes a System Access Control List (SACL), which is used for auditing access attempts. Option C describes a Security Identifier (SID), which is a unique value used to identify a security principal. A DACL specifically controls who is allowed or denied access to a secured object.

Topics

#Discretionary Access Control List (DACL)#Access Control#Authorization#Permissions

Community Discussion

No community discussion yet for this question.

Full CAP Practice