CERTIFIED-IN-CYBERSECURITY Question #388: Real Exam Question with Answer & Explanation
The correct answer is A: An access control based on user permissions set according to roles.
Question
What is Role-based Access Control (RBAC)?
Options
- A. An access control based on user permissions set according to roles
- B. An access control based on job descriptions
- C. An access control that only allows access to certain roles
- D. An access control that requires biometric verification
Explanation
Role-Based Access Control (RBAC) is best defined as an access control system in which user permissions are set according to roles (see ISC2 Study Guide, Chapter 3, Module 3). In an RBAC model, roles are created based on job functions and responsibilities, and users are assigned roles that give them the permissions they need to perform their jobs. For example, in a hospital, a nurse might have different roles and access rights than a doctor or an administrator. The other options do not define RBAC precisely. While RBAC is loosely related to job descriptions, it is based on defined roles, not on the job descriptions themselves. In addition, RBAC does not just allow access to certain roles; it assigns permissions based on those roles. Finally, RBAC does not inherently require biometric verification, because it assigns permissions based on roles, not on a specific type of authentication method.