nerdexam
(ISC)2

CISSP-ISSAP · Question #115

Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?

The correct answer is A. Access control entry (ACE). An Access Control Entry (ACE) is the individual building block inside a DACL - each ACE specifies a single permission grant or denial for one user or group (e.g., "Allow Administrators: Read/Write"). The DACL itself (option C) is the container that holds multiple ACEs, not an ind

Identity and Access Management (IAM) Architecture

Question

Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?

Options

  • AAccess control entry (ACE)
  • BDiscretionary access control entry (DACE)
  • CAccess control list (ACL)
  • DSecurity Identifier (SID)

How the community answered

(43 responses)
  • A
    93% (40)
  • B
    2% (1)
  • C
    5% (2)

Explanation

An Access Control Entry (ACE) is the individual building block inside a DACL - each ACE specifies a single permission grant or denial for one user or group (e.g., "Allow Administrators: Read/Write"). The DACL itself (option C) is the container that holds multiple ACEs, not an individual entry. A Security Identifier (SID) (option D) is merely the unique identifier used within an ACE to identify the user/group - it doesn't carry permission information on its own. DACE (option B) is simply a fabricated term; it doesn't exist in Windows security architecture.

Memory tip: Think of a DACL as a permission list (like a guest list), and each ACE as a line item on that list. "Entry" = ACE - the "E" in ACE literally stands for Entry.

Topics

#DACL#ACE#Access Control#Authorization

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice