nerdexam
(ISC)2

CISSP · Question #1389

What is a use for mandatory access control (MAC)?

The correct answer is D. Allows for object security based on sensitivity represented by a label. Mandatory Access Control (MAC) is a security model where access to objects is governed by sensitivity labels assigned to both subjects and objects, with the system enforcing policy rather than object owners.

Submitted by kim_seoul· Mar 5, 2026Identity and Access Management

Question

What is a use for mandatory access control (MAC)?

Options

  • AAllows for labeling of sensitive user accounts for access control
  • BAllows for mandatory user identity and passwords based on sensitivity
  • CAllows for mandatory system administrator access control over objects
  • DAllows for object security based on sensitivity represented by a label

How the community answered

(52 responses)
  • A
    4% (2)
  • B
    2% (1)
  • D
    94% (49)

Why each option

Mandatory Access Control (MAC) is a security model where access to objects is governed by sensitivity labels assigned to both subjects and objects, with the system enforcing policy rather than object owners.

AAllows for labeling of sensitive user accounts for access control

MAC labels are applied to objects (files, resources) and subjects (users, processes) based on sensitivity classifications, not specifically to 'sensitive user accounts' for access control purposes.

BAllows for mandatory user identity and passwords based on sensitivity

MAC does not govern password policies or mandate identity authentication mechanisms; it is specifically concerned with controlling access to objects through sensitivity labels after authentication has already occurred.

CAllows for mandatory system administrator access control over objects

MAC removes discretionary control from system administrators and object owners entirely - access decisions are enforced by the operating system based on policy and sensitivity labels, not by administrator choice.

DAllows for object security based on sensitivity represented by a labelCorrect

MAC works by assigning sensitivity labels (such as Confidential, Secret, Top Secret) to objects like files and resources, and access is granted or denied based on the comparison of a subject's clearance label against the object's sensitivity label. The system - not the owner - enforces these label-based decisions, making it a rigid, policy-driven model used in high-security environments like government and military systems.

Concept tested: Mandatory Access Control (MAC) label-based object security

Source: https://csrc.nist.gov/glossary/term/mandatory_access_control

Topics

#Mandatory Access Control#Access control models#Data labels#Object security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice