CERTIFIED-IN-CYBERSECURITY Question #519: Real Exam Question with Answer & Explanation
The correct answer is A: Based on the user's role within the organization.
Question
How are permissions typically assigned in a role-based access control (RBAC) model?
Options
- A. Based on the user's role within the organization
- B. Based on the needs of the individual user
- C. Based on the last user to access the system
- D. Based on the discretion of the systems administrator
Explanation
In a role-based access control (RBAC) model, permissions are typically assigned based on the user's role within the organization (see ISC2 Study Guide, Chapter 3, Module 3). For example, a human resources manager would have access to employee records, while a sales manager would have access to sales data. This ensures that users only have access to the information they need to do their jobs, improving security by limiting the potential for unauthorized access or misuse of data. Permissions are typically not assigned based on the needs of the individual user, as this would not provide a consistent or easily manageable access control model. Permissions are also not assigned based on the last user to access the system, as this would not provide a reliable or secure method of controlling access. Finally, privileges are typically not assigned at the discretion of the systems administrator, as this would not provide a scalable or efficient method of managing access control.