CISSP · Question #150
Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classific
The correct answer is C. Role Based Access Control (RBAC). The scenario describes application access granted based on job classification, which is the defining characteristic of Role Based Access Control (RBAC). RBAC assigns permissions to roles (job functions) rather than to individual users.
Question
Options
- ALeast privilege
- BLattice Based Access Control (LBAC)
- CRole Based Access Control (RBAC)
- DLightweight Directory Access Control (LDAP)
How the community answered
(46 responses)- A2% (1)
- B4% (2)
- C83% (38)
- D11% (5)
Why each option
The scenario describes application access granted based on job classification, which is the defining characteristic of Role Based Access Control (RBAC). RBAC assigns permissions to roles (job functions) rather than to individual users.
Least privilege is a security principle that limits user access to only what is necessary for their job, but it is not itself an access control methodology or model that defines how access decisions are structured.
Lattice Based Access Control (LBAC) is a model that uses a lattice structure of sensitivity labels and clearance levels to govern access, typically associated with mandatory access control (MAC) environments, not job-classification-based role assignments.
Role Based Access Control (RBAC) grants access to resources based on a user's role or job classification within the organization, which directly matches the scenario's statement that 'application access is based on job classification.' In RBAC, administrators define roles aligned to job functions and assign permissions to those roles, so users inherit access rights through their assigned role rather than receiving individual permissions.
LDAP (Lightweight Directory Access Protocol) is a network protocol used to query and modify directory services such as Active Directory, not an access control methodology or model that defines how permissions are assigned.
Concept tested: Role Based Access Control (RBAC) model identification
Source: https://csrc.nist.gov/projects/role-based-access-control
Topics
Community Discussion
No community discussion yet for this question.