nerdexam
(ISC)2

CISSP · Question #1186

Which of the following is a unique feature of attribute-based access control (ABAC)?

The correct answer is C. A user is granted access to a system at a particular time of day.. ABAC grants access based on evaluated attributes such as time of day, location, device type, or environmental conditions, making it more dynamic and context-aware than other access control models.

Submitted by katya_ua· Mar 5, 2026Identity and Access Management

Question

Which of the following is a unique feature of attribute-based access control (ABAC)?

Options

  • AA user is granted access to a system based on group affinity.
  • BA user is granted access to a system with biometric authentication.
  • CA user is granted access to a system at a particular time of day.
  • DA user is granted access to a system based on username and password.

How the community answered

(39 responses)
  • A
    8% (3)
  • B
    3% (1)
  • C
    87% (34)
  • D
    3% (1)

Why each option

ABAC grants access based on evaluated attributes such as time of day, location, device type, or environmental conditions, making it more dynamic and context-aware than other access control models.

AA user is granted access to a system based on group affinity.

Granting access based on group affinity describes Role-Based Access Control (RBAC), where permissions are assigned to roles or groups rather than evaluated attributes.

BA user is granted access to a system with biometric authentication.

Biometric authentication is an authentication mechanism (something you are), not an access control model - it verifies identity but does not define how authorization decisions are made.

CA user is granted access to a system at a particular time of day.Correct

ABAC uniquely supports fine-grained, policy-driven access decisions based on multiple attributes - including environmental attributes like time of day. This means access can be permitted or denied depending on contextual conditions (e.g., only between 9 AM and 5 PM), which is a hallmark capability of ABAC that distinguishes it from role-based or discretionary models.

DA user is granted access to a system based on username and password.

Username and password authentication is a basic credential-based identity verification method, not a feature of any specific access control model like ABAC.

Concept tested: Attribute-based access control (ABAC) unique characteristics

Source: https://csrc.nist.gov/publications/detail/sp/800-162/final

Topics

#ABAC#access control#attribute-based access

Community Discussion

No community discussion yet for this question.

Full CISSP Practice