nerdexam
(ISC)2

CISSP · Question #1116

A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?

The correct answer is B. Rule-based access control. Rule-based access control is a type of access mechanism that uses predefined rules or policies to grant or deny access to resources based on certain conditions or criteria. Rule-based access control can be used to accomplish the requirement of allowing a user to access the file l

Submitted by krish.m· Mar 5, 2026Identity and Access Management

Question

A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?

Options

  • AMinimum access control
  • BRule-based access control
  • CLimited role-based access control (RBAC)
  • DAccess control list (ACL)

How the community answered

(45 responses)
  • A
    13% (6)
  • B
    76% (34)
  • C
    9% (4)
  • D
    2% (1)

Explanation

Rule-based access control is a type of access mechanism that uses predefined rules or policies to grant or deny access to resources based on certain conditions or criteria. Rule-based access control can be used to accomplish the requirement of allowing a user to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. The rule-based access control system can evaluate the attributes of the user, the file, and the environment, such as the identity, role, location, time, or date, and compare them with the rules or policies that specify the access conditions. For example, a rule-based access control policy could state that "Users in the finance department can access the file 'Financial Forecast' only from the office network and only during business hours." If the user and the file match the criteria of the rule, then access is granted; otherwise, access is denied.

Topics

#rule-based access control#access control models#time-based access#authorization

Community Discussion

No community discussion yet for this question.

Full CISSP Practice