CERTIFIED-IN-CYBERSECURITY · Question #446
The correct answer is B: A policy uniformly enforced across all subjects and objects within the system boundary.
Question
We can say that Mandatory Access Control (MAC) is:
Options
- A. A policy where subjects have complete control over access to information
- B. A policy uniformly enforced across all subjects and objects within the system boundary
- C. A policy that allows all users to access any information in the system
- D. A type of access control that only exists in physical security systems
Explanation
Mandatory access control (MAC) is an access policy that is uniformly enforced for all subjects and objects within the system boundary. This policy manages access rights by assigning classification labels to information and clearance labels to users, and then restricting access based on these labels (ISC2 Study Guide, Chapter 3, Module 3, MAC). The other options are misconceptions about MAC. A policy that gives individuals total control over access to information would not be viable because it would not provide the level of protection required for classified information. MAC doesn't provide universal access to all information in the system. Finally, MAC is not simply a tool for physical security systems (D); it operates within a digital framework to restrict and monitor access to classified information, including but not limited to physical security.