CERTIFIED-IN-CYBERSECURITY Question #160: Real Exam Question with Answer & Explanation
The correct answer is C: Changing security attributes.
Question
In a DAC policy scenario, which of these tasks can only be performed by a subject granted access to information?
Options
- A. Modifying the information
- B. Executing the information
- C. Changing security attributes
- D. Reading the information
Explanation
In principle, users can perform Read, Write and Execute actions under every access control policy. In discretionary access control (DAC) policies, however, the permissions associated with each object (files or system resources) are set by the object's owner. In this model, the creator of an object implicitly becomes its owner and can therefore decide who will have permissions on the object (see ISC2 Study Guide, chapter 3, module 3). A major weakness of DAC is that it gives users complete control to set security level settings for other users, which can result in users having more privileges than they are supposed to.