CERTIFIED-IN-CYBERSECURITY Question #390: Real Exam Question with Answer & Explanation

Question

What is the primary difference between DAC and MAC?

Options

• AThe type of systems they are used on
• BThe person who controls access (object owner in DAC, security administrators in MAC)
• CThe level of security they provide
• DThe technology they use

Explanation

The primary distinction between Discretionary Access Control (DAC) and Mandatory Access Control (MAC) is who controls access. In DAC environments, access is controlled by the respective object owners, while in MAC environments, control is managed by designated security administrators (see the ISC2 Study Guide, Chapter 3, Module 3). Consider a document sharing system. In DAC settings, the person who creates a file can determine who can read or edit it. In contrast, in a MAC framework, such permissions would generally be set by a system or security administrator based on predefined security policies that focus on factors such as the sensitivity of the information in the document and the user's clearance level. The other options do not accurately describe the primary difference between DAC and MAC. The level of security they provide is not the primary difference, as both DAC and MAC can provide high levels of security depending on how they are implemented. The type of systems on which they are deployed is also not a defining difference, as both DAC and MAC can be deployed on different types of systems. Finally, the technology they use is not the primary difference either, as both DAC and MAC can use a range of technologies to enforce access control

No community discussion yet for this question.