nerdexam
(ISC)2

CAP · Question #283

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

The correct answer is D. Role-Based Access Control. Role-Based Access Control (RBAC) restricts user access based on defined job roles, directly enforcing the principle of least privilege.

Selection and Approval of Framework, Security, and Privacy Controls

Question

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

Options

  • ADiscretionary Access Control
  • BMandatory Access Control
  • CPolicy Access Control
  • DRole-Based Access Control

How the community answered

(38 responses)
  • A
    8% (3)
  • B
    3% (1)
  • C
    3% (1)
  • D
    87% (33)

Why each option

Role-Based Access Control (RBAC) restricts user access based on defined job roles, directly enforcing the principle of least privilege.

ADiscretionary Access Control

Discretionary Access Control (DAC) allows resource owners to control access at their own discretion, which does not systematically enforce least privilege across the organization.

BMandatory Access Control

Mandatory Access Control (MAC) uses security labels and classifications set by policy to control access, typically used in high-security government environments, and is not primarily designed for role-based resource restriction.

CPolicy Access Control

Policy Access Control is not a recognized standard access control model in information security frameworks.

DRole-Based Access ControlCorrect

RBAC assigns permissions to roles rather than to individual users, and users are then assigned to the appropriate role. This ensures employees can access only the resources their job function requires, which directly satisfies the administrator's goal of limiting access to only necessary resources.

Concept tested: Role-Based Access Control and least privilege enforcement

Source: https://csrc.nist.gov/projects/role-based-access-control

Topics

#Access Control Models#Role-Based Access Control (RBAC)#Least Privilege#Security Principles

Community Discussion

No community discussion yet for this question.

Full CAP Practice