nerdexam
(ISC)2

CISSP · Question #545

What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

The correct answer is A. Role-Based Access Control (RBAC). Role-Based Access Control (RBAC) grants permissions based on predefined roles tied to job functions or titles within an organization, rather than individual user identities.

Submitted by kevin_r· Mar 5, 2026Identity and Access Management (IAM)

Question

What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

Options

  • ARole-Based Access Control (RBAC)
  • BRole-based access control
  • CNon-discretionary access control
  • DDiscretionary Access Control (DAC)

How the community answered

(31 responses)
  • A
    87% (27)
  • B
    6% (2)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Role-Based Access Control (RBAC) grants permissions based on predefined roles tied to job functions or titles within an organization, rather than individual user identities.

ARole-Based Access Control (RBAC)Correct

RBAC assigns access rights based on predefined roles that correspond to job titles or functions (e.g., Manager, Auditor, Administrator), meaning users inherit permissions from their assigned role rather than receiving individual grants. This model simplifies administration by aligning access with organizational structure, and 'Role-Based Access Control (RBAC)' is the formal, complete name for this model as recognized in security standards like NIST SP 800-207.

BRole-based access control

While 'Role-based access control' is conceptually the same idea, choice A uses the complete and formally recognized acronym (RBAC), making it the more precise and complete answer in an exam context where specificity matters.

CNon-discretionary access control

Non-discretionary access control is a broader category that includes models like Mandatory Access Control (MAC), where access decisions are enforced by a central authority based on classifications, not job titles or roles.

DDiscretionary Access Control (DAC)

Discretionary Access Control (DAC) allows resource owners to grant or restrict access at their own discretion, meaning permissions are set by the data owner rather than predefined organizational roles or job titles.

Concept tested: Role-Based Access Control (RBAC) authorization model

Source: https://csrc.nist.gov/projects/role-based-access-control

Topics

#RBAC#access control models#authorization

Community Discussion

No community discussion yet for this question.

Full CISSP Practice