CISSP Question #684: Real Exam Question with Answer & Explanation

The correct answer is A: Allowing users access to files based on their group membership. Role Based Access Control (RBAC) grants permissions based on a user's assigned role or group membership rather than individual identity or other attributes. Group membership is the defining characteristic of RBAC implementation.

Submitted by chiamaka_o · Mar 5, 2026 · Identity and Access Management

Question

In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option is an example of RBAC?

Options

  • A. Allowing users access to files based on their group membership
  • B. Allowing users access to files based on username
  • C. Allowing users access to files based on the user's location at time of access
  • D. Allowing users access to files based on the file type

Explanation

Role Based Access Control (RBAC) grants permissions based on a user's assigned role or group membership rather than individual identity or other attributes. Group membership is the defining characteristic of RBAC implementation.

Common mistakes.

  • B. Granting access based on individual username is Discretionary Access Control (DAC), not RBAC, because it ties permissions directly to an individual identity rather than to a role or group.
  • C. Allowing access based on the user's location at the time of access describes context-aware or attribute-based access control (ABAC), which uses environmental conditions as criteria rather than predefined roles.
  • D. Granting access based on file type is a content or attribute-based rule, not RBAC, because it focuses on the characteristics of the resource rather than the role or group membership of the user requesting access.

Concept tested. Role Based Access Control (RBAC) group membership permissions

Reference. https://learn.microsoft.com/en-us/azure/role-based-access-control/overview

Topics

#RBAC #access control models #group membership
