CDPSE · Question #94
CDPSE Question #94: Real Exam Question with Answer & Explanation
The correct answer is B: Attribute-based access control (ABAC). Attribute-based access control (ABAC) is the best approach for limiting the access of regional HR team members to employee data only within their regional office, because it allows for fine- grained and dynamic access control based on attributes of the subject, object, environmen
Question
A multi-national organization has decided that regional human resources (HR) team members must be limited in their access to employee data only within their regional office. Which of the following is the BEST approach?
Options
- ADiscretionary access control (DAC)
- BAttribute-based access control (ABAC)
- CProvision-based access control (PBAC)
- DMandatory access control (MAC)
Explanation
Attribute-based access control (ABAC) is the best approach for limiting the access of regional HR team members to employee data only within their regional office, because it allows for fine- grained and dynamic access control based on attributes of the subject, object, environment, and action. Attributes are characteristics or properties that can be used to describe or identify entities, such as users, resources, locations, roles, or permissions. ABAC uses policies and rules that evaluate the attributes and grant or deny access accordingly. For example, an ABAC policy could state that a user can access an employee record if and only if the user's role is HR and the user's region matches the employee's region. This way, the access control can be tailored to the specific needs and context of the organization, without relying on predefined or fixed access
Topics
Community Discussion
No community discussion yet for this question.