CAS-005 · Question #520
CAS-005 Question #520: Real Exam Question with Answer & Explanation
The correct answer is C: Mandatory. Mandatory Access Control (MAC) enforces centrally defined policies that determine access to sensitive data, such as medical records. It prevents users who create or enter new data from assigning permissions, thereby reducing the risk of unintentional or improper access.
Question
A security manager at a local hospital wants to secure patient medical records. The manager needs to: - Choose an access control model that clearly defines who has access to sensitive information. - Prevent those who enter new patient information from specifying who has access to this data. Which of the following access control models is the best way to ensure the lowest risk of granting unintentional access?
Options
- ARule-based
- BAttribute-based
- CMandatory
- DDiscretionary
Explanation
Mandatory Access Control (MAC) enforces centrally defined policies that determine access to sensitive data, such as medical records. It prevents users who create or enter new data from assigning permissions, thereby reducing the risk of unintentional or improper access.
Community Discussion
No community discussion yet for this question.