CISSP · Question #1389
What is a use for mandatory access control (MAC)?
The correct answer is D. Allows for object security based on sensitivity represented by a label. Mandatory Access Control (MAC) is a security model where access to objects is governed by sensitivity labels assigned to both subjects and objects, with the system enforcing policy rather than object owners.
Question
What is a use for mandatory access control (MAC)?
Options
- AAllows for labeling of sensitive user accounts for access control
- BAllows for mandatory user identity and passwords based on sensitivity
- CAllows for mandatory system administrator access control over objects
- DAllows for object security based on sensitivity represented by a label
How the community answered
(52 responses)- A4% (2)
- B2% (1)
- D94% (49)
Why each option
Mandatory Access Control (MAC) is a security model where access to objects is governed by sensitivity labels assigned to both subjects and objects, with the system enforcing policy rather than object owners.
MAC labels are applied to objects (files, resources) and subjects (users, processes) based on sensitivity classifications, not specifically to 'sensitive user accounts' for access control purposes.
MAC does not govern password policies or mandate identity authentication mechanisms; it is specifically concerned with controlling access to objects through sensitivity labels after authentication has already occurred.
MAC removes discretionary control from system administrators and object owners entirely - access decisions are enforced by the operating system based on policy and sensitivity labels, not by administrator choice.
MAC works by assigning sensitivity labels (such as Confidential, Secret, Top Secret) to objects like files and resources, and access is granted or denied based on the comparison of a subject's clearance label against the object's sensitivity label. The system - not the owner - enforces these label-based decisions, making it a rigid, policy-driven model used in high-security environments like government and military systems.
Concept tested: Mandatory Access Control (MAC) label-based object security
Source: https://csrc.nist.gov/glossary/term/mandatory_access_control
Topics
Community Discussion
No community discussion yet for this question.