nerdexam
(ISC)2

CISSP · Question #684

In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option Is an example of RBAC?

The correct answer is A. Mowing users access to files based on their group membership. Role Based Access Control (RBAC) grants permissions based on a user's assigned role or group membership rather than individual identity or other attributes. Group membership is the defining characteristic of RBAC implementation.

Submitted by chiamaka_o· Mar 5, 2026Identity and Access Management

Question

In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option Is an example of RBAC?

Options

  • AMowing users access to files based on their group membership
  • BAllowing users access to files based on username
  • CAllowing users access to files based on the users location at time of access
  • DAllowing users access to files based on the file type

How the community answered

(23 responses)
  • A
    91% (21)
  • B
    4% (1)
  • C
    4% (1)

Why each option

Role Based Access Control (RBAC) grants permissions based on a user's assigned role or group membership rather than individual identity or other attributes. Group membership is the defining characteristic of RBAC implementation.

AMowing users access to files based on their group membershipCorrect

RBAC works by assigning users to roles or groups, then granting permissions to those roles rather than to individuals. When a user belongs to a group (e.g., 'HR' or 'Finance'), they inherit all permissions assigned to that role, making group membership the core mechanism of RBAC. This allows administrators to manage access at scale by modifying role permissions rather than updating each user individually.

BAllowing users access to files based on username

Granting access based on individual username is Discretionary Access Control (DAC), not RBAC, because it ties permissions directly to an individual identity rather than to a role or group.

CAllowing users access to files based on the users location at time of access

Allowing access based on the user's location at the time of access describes context-aware or attribute-based access control (ABAC), which uses environmental conditions as criteria rather than predefined roles.

DAllowing users access to files based on the file type

Granting access based on file type is a content or attribute-based rule, not RBAC, because it focuses on the characteristics of the resource rather than the role or group membership of the user requesting access.

Concept tested: Role Based Access Control (RBAC) group membership permissions

Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/overview

Topics

#RBAC#access control models#group membership

Community Discussion

No community discussion yet for this question.

Full CISSP Practice