CISSP · Question #701
CISSP Question #701: Real Exam Question with Answer & Explanation
The correct answer is B: Mandatory Access Control (MAC). Mandatory Access Control (MAC) is considered the most restrictive access control model because it enforces strict policies that are determined by the system or security administrator, rather than allowing users to make decisions about access. In MAC, access to resources is govern
Question
Which of the following access control models is MOST restrictive?
Options
- ADiscretionary Access Control (DAC)
- BMandatory Access Control (MAC)
- CRole Based Access Control (RBAC)
- DRule based access control
Explanation
Mandatory Access Control (MAC) is considered the most restrictive access control model because it enforces strict policies that are determined by the system or security administrator, rather than allowing users to make decisions about access. In MAC, access to resources is governed by a centralized security policy. The system defines access controls based on classification levels (e.g., confidential, secret, top secret) and the user's clearance level, as well as specific labels on data. Users cannot change these permissions or grant access to others. This makes it more restrictive than the other models, as it leaves little room for user discretion. The restrictions imposed by MAC are rigid and typically enforced in high-security environments, such as military or government systems, where data classification and security are critical.
Topics
Community Discussion
No community discussion yet for this question.