
CERTIFIED-IN-CYBERSECURITY Question #482: Real Exam Question with Answer & Explanation

The correct answer is D: Allows the creator of the object to dictate access.

Access Controls Concepts

Question

Which of the following statements is related to Discretionary Access Control (DAC)?

Options

  • A. Allows the system administrator to have full control
  • B. Allows the last user to determine access
  • C. Provides dynamic access control based on predefined rules
  • D. Allows the creator of the object to dictate access

Explanation

Discretionary Access Control (DAC) allows the creator of the object to dictate access. This access control model allows the owner or creator of a resource to decide who has access to it and how much access they have (see ISC2 Study Guide, Chapter 3, Module 3). For example, consider a collaborative online document created by an employee in an organization. The employee can choose to grant access to view or edit the document to selected partners on the project. The control here is with the creator of the document, which is consistent with the principles of the DAC model.

The remaining options are incorrect for distinct reasons. First, the statement that the system administrator has full control could be misinterpreted as suggesting the Mandatory Access Control (MAC) model, where direct access control rests with the system administrator, who sets global access control policies. However, additional controls, such as Segregation of Duties, are often applied as compensating security controls. Second, the statement that it provides dynamic access control based on predefined rules describes the Rule-Based Access Control (RuBAC) model, where the control typically isn't personal, but rather adheres to a set of predefined rules that are applied system-wide. Finally, the idea that the last user determines access isn't representative of any accepted access control model and introduces potential security vulnerabilities through unrestricted access.

Topics

#Access Control #Discretionary Access Control (DAC) #Security Models
