nerdexam
(ISC)2

CERTIFIED-IN-CYBERSECURITY Question #761: Real Exam Question with Answer & Explanation

The correct answer is B: MAC.

Access Controls Concepts

Question

The Bell and LaPadula access control model is a form of:

Options

  • A. DAC
  • B. MAC
  • C. ABAC
  • D. RBAC

Explanation

The Bell and LaPadula access control model arranges subjects and objects into security levels and defines access specifications under which subjects can access objects only at certain levels, based on their security level. Typical access specifications are statements such as "Unclassified personnel cannot read data at confidential levels" or "Top-Secret data cannot be written into the files at unclassified levels". Since subjects cannot change access specifications, this model is a form of mandatory access control (MAC). In contrast, Discretionary Access Control (DAC) leaves a certain level of access control to the discretion of the object's owner. Attribute-Based Access Control (ABAC) bases decisions on subject and object attributes (not only classification). Finally, Role-Based Access Control (RBAC) is a model for controlling access to objects where permitted actions are identified with roles rather than individual subject identities.
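The two access specifications quoted above can be written as a small reference monitor. This is an added example, not part of the original question; the level ordering, subject and object names, and the ACL used for the DAC contrast are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):  # constructed ordering of security levels
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)  # frozen: a label cannot be reassigned after creation
class Subject:
    name: str
    clearance: Level

@dataclass(frozen=True)
class Obj:
    name: str
    classification: Level
    owner: str  # recorded, but never consulted by the MAC checks

def can_read(s: Subject, o: Obj) -> bool:
    """Simple security property (no read up)."""
    return s.clearance >= o.classification

def can_write(s: Subject, o: Obj) -> bool:
    """*-property (no write down)."""
    return s.clearance <= o.classification

def dac_can_read(s: Subject, o: Obj, acl: dict) -> bool:
    """DAC contrast: an owner-managed ACL alone decides."""
    return s.name in acl.get(o.name, set())

# Constructed sample subjects and objects.
clerk = Subject("clerk", Level.UNCLASSIFIED)
analyst = Subject("analyst", Level.TOP_SECRET)
plan = Obj("plan.txt", Level.CONFIDENTIAL, owner="analyst")
notice = Obj("notice.txt", Level.UNCLASSIFIED, owner="clerk")

# Under DAC the owner may grant the clerk access at their own discretion.
acl = {"plan.txt": {"analyst", "clerk"}}

if __name__ == "__main__":
    print("clerk reads plan (MAC):", can_read(clerk, plan))
    print("analyst writes notice (MAC):", can_write(analyst, notice))
    print("clerk reads plan (DAC):", dac_can_read(clerk, plan, acl))
    print("clerk writes plan (MAC):", can_write(clerk, plan))
```

The owner's ACL entry lets the clerk read `plan.txt` under the DAC check, while the MAC check still denies it because the decision depends only on the fixed labels.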

Topics

#Access Control Models #Bell-LaPadula #Mandatory Access Control #Confidentiality
