CISSP · Question #545
What type of access control determines the authorization to resource based on pre-defined job titles within an organization?
The correct answer is A. Role-Based Access Control (RBAC). Role-Based Access Control (RBAC) grants permissions based on predefined roles tied to job functions or titles within an organization, rather than individual user identities.
Question
What type of access control determines the authorization to resource based on pre-defined job titles within an organization?
Options
- ARole-Based Access Control (RBAC)
- BRole-based access control
- CNon-discretionary access control
- DDiscretionary Access Control (DAC)
How the community answered
(31 responses)- A87% (27)
- B6% (2)
- C3% (1)
- D3% (1)
Why each option
Role-Based Access Control (RBAC) grants permissions based on predefined roles tied to job functions or titles within an organization, rather than individual user identities.
RBAC assigns access rights based on predefined roles that correspond to job titles or functions (e.g., Manager, Auditor, Administrator), meaning users inherit permissions from their assigned role rather than receiving individual grants. This model simplifies administration by aligning access with organizational structure, and 'Role-Based Access Control (RBAC)' is the formal, complete name for this model as recognized in security standards like NIST SP 800-207.
While 'Role-based access control' is conceptually the same idea, choice A uses the complete and formally recognized acronym (RBAC), making it the more precise and complete answer in an exam context where specificity matters.
Non-discretionary access control is a broader category that includes models like Mandatory Access Control (MAC), where access decisions are enforced by a central authority based on classifications, not job titles or roles.
Discretionary Access Control (DAC) allows resource owners to grant or restrict access at their own discretion, meaning permissions are set by the data owner rather than predefined organizational roles or job titles.
Concept tested: Role-Based Access Control (RBAC) authorization model
Source: https://csrc.nist.gov/projects/role-based-access-control
Topics
Community Discussion
No community discussion yet for this question.