CERTIFIED-IN-CYBERSECURITY · Question #147
CERTIFIED-IN-CYBERSECURITY Question #147: Real Exam Question with Answer & Explanation
The correct answer is D: In MAC, security administrators assign access permissions; in DAC, access permissions are set. Both Mandatory Access Control (MAC) and Discretionary Access Control (DAC) are used to control access to resources in computer systems (see ISC2 Study Guide, chapter 3, module 3). That being said, the two differ in how the access control rules are enforced. In MAC systems, access
Question
What is the most important difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?
Options
- AIn MAC, security administrators set the roles for the users; in DAC, roles are set at the object
- BIn MAC, security administrators assign access permissions; in DAC, security administrators set
- CIn MAC, access permissions are set at the object owner's discretion; in DAC, it is up to security
- DIn MAC, security administrators assign access permissions; in DAC, access permissions are set
Explanation
Both Mandatory Access Control (MAC) and Discretionary Access Control (DAC) are used to control access to resources in computer systems (see ISC2 Study Guide, chapter 3, module 3). That being said, the two differ in how the access control rules are enforced. In MAC systems, access to resources is granted or denied based on the resource's sensitivity and the user's clearance level, as determined by a central authority. This means that users cannot grant resource access to other users. In contrast, DAC is a type of access control in which access to resources is based on the discretion of the owner of the resource. In DAC systems, users can grant or deny access to their files or resources. In practice, a resource owner can decide which users have access to that resource (see ISC2 Study Guide, chapter 1, module 3, under Understand Logical Access Controls).
Topics
Community Discussion
No community discussion yet for this question.