nerdexam
(ISC)2

CAP · Question #261

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

The correct answer is B. Role-Based Access Control. Role-Based Access Control (RBAC) restricts system access based on a user's defined role within an organization, ensuring users only access resources needed for their job function.

Selection and Approval of Framework, Security, and Privacy Controls

Question

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

Options

  • AMandatory Access Control
  • BRole-Based Access Control
  • CDiscretionary Access Control
  • DPolicy Access Control

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    87% (34)
  • C
    8% (3)
  • D
    3% (1)

Why each option

Role-Based Access Control (RBAC) restricts system access based on a user's defined role within an organization, ensuring users only access resources needed for their job function.

AMandatory Access Control

Mandatory Access Control (MAC) enforces access based on security labels and classifications assigned by a central authority, not by job role or resource need.

BRole-Based Access ControlCorrect

RBAC assigns permissions to roles rather than individuals, and users are assigned to appropriate roles - this directly enforces least-privilege access by limiting each user to only the resources required for their specific job function. It is the standard model used when an administrator wants to align access rights with organizational roles. This makes it ideal for managing large numbers of users with predictable job-based access needs.

CDiscretionary Access Control

Discretionary Access Control (DAC) allows resource owners to grant or revoke access at their own discretion, which does not systematically limit users to only required resources.

DPolicy Access Control

Policy Access Control is not a recognized standard access control model in information security frameworks.

Concept tested: Role-Based Access Control model and least privilege

Source: https://csrc.nist.gov/glossary/term/role_based_access_control

Topics

#Access Control Models#Role-Based Access Control#Least Privilege Principle

Community Discussion

No community discussion yet for this question.

Full CAP Practice