(ISC)2

CISSP Question #478: Real Exam Question with Answer & Explanation

The correct answer is B: Role-Based Access Control (RBAC). Role-Based Access Control (RBAC) is an access control method that assigns permissions to users based on their roles or functions within an organization. RBAC requires a consistent set of rules for controlling and limiting access, as each role is defined by a set of access rights

Submitted by priya_blr · Mar 5, 2026 · Identity and Access Management

Question

Individuals have been identified and determined as having a need-to-know for the information. Which of the following access control methods MUST include a consistent set of rules for controlling and limiting access?

Options

  • A. Attribute Based Access Control (ABAC)
  • B. Role-Based Access Control (RBAC)
  • C. Discretionary Access Control (DAC)
  • D. Mandatory Access Control (MAC)

Explanation

Role-Based Access Control (RBAC) is an access control method that assigns permissions to users based on their roles or functions within an organization. RBAC requires a consistent set of rules for controlling and limiting access, as each role is defined by a set of access rights that correspond to the level of authority and responsibility of the role. RBAC can simplify access management, enforce the principle of least privilege, improve security and compliance, and reduce administrative overhead.

Topics

#Mandatory Access Control · #access control models · #need-to-know · #authorization
