CERTIFIED-IN-CYBERSECURITY Question #449: Real Exam Question with Answer & Explanation
The correct answer is D: The subject who created the object.
Question
Who dictates the access control rules in a Discretionary Access Control (DAC) model?
Options
- A. Only security administrators
- B. The CEO or CISO of the company
- C. The last user who used the object
- D. The subject who created the object
Explanation
In a Discretionary Access Control (DAC) model, the subject who created the object dictates the access control rules. This means that the owner of the information or resource has the discretion to determine who else can access it (see the ISC2 Study Guide, Chapter 3, Module 3). For example, in a file-sharing system that uses a DAC model, a user who creates a file can decide who else can view, edit, or delete the file. The owner might allow some users to view the file but not edit it, while other users have full access. The other options are incorrect because in a DAC model, security administrators, the last user to use the object, and the company's CEO or CISO do not dictate access control rules. In practice, the owner of the information or resource has that