
CERTIFIED-IN-CYBERSECURITY Question #284: Real Exam Question with Answer & Explanation

The correct answer is D: To grant users access to resources based on their job responsibilities.

Security Principles

Question

What is the primary purpose of implementing role-based access control (RBAC)?

Options

  • A. To provide an additional layer of security through encryption
  • B. To prevent unauthorized physical access to facilities
  • C. To monitor user activity within a network
  • D. To grant users access to resources based on their job responsibilities

Explanation

Role-based access control (RBAC) assigns users to roles based on their job functions and grants them access to resources required for their roles (see ISC2 Study Guide, Module 3, under Role-Based Access Control). This allows for efficient and consistent management of access rights. RBAC is an important part of logical access control, as it ensures that users have access to the resources they need to do their jobs, while preventing unauthorized access to sensitive data.

For example, in a hospital, a nurse might have access to patient records, while a billing clerk might have access to billing information. This role-based separation ensures that users only have access to the information they need to do their jobs, which improves security by limiting the potential for unauthorized access.

The other options do not accurately describe the primary purpose of RBAC:

  • Preventing unauthorized physical access to facilities is a function of physical security controls, not RBAC.
  • Providing an additional layer of security through encryption describes a data protection method, not an access control strategy. While encryption can be used in conjunction with RBAC to enhance security, it is not the primary purpose of RBAC.
  • Monitoring user activity on a network is a function of network monitoring and intrusion detection systems, not RBAC. While RBAC can support monitoring by limiting access, it is not primarily designed for this purpose.

Topics

#Role-Based Access Control #Access Control #Authorization #Security Principles
