CISSP Question #919: Real Exam Question with Answer & Explanation

The correct answer is A: security classification and security clearance.

Submitted by eva_at · Mar 5, 2026 · Identity and Access Management (IAM)

Question

Mandatory Access Controls (MAC) are based on:

Options

  • A. security classification and security clearance
  • B. data segmentation and data classification
  • C. data labels and user access permissions
  • D. user roles and data encryption

Explanation

Mandatory Access Control (MAC) is an access control model in which access to resources is based on the security classification of the data and the security clearance of the user. In a MAC system, access decisions are not made by the owner of the data (as in Discretionary Access Control, or DAC), but are determined by a central authority based on predefined policies.

Key components of MAC include:

  • Security classifications: the sensitivity level of data (e.g., confidential, secret, top secret).
  • Security clearances: the level of authorization a user has to access data (e.g., public, confidential, secret).

In MAC, access is determined by system-enforced policies, ensuring that users only access data for which they have appropriate clearance, regardless of their role or ownership of the data.

Topics

#Mandatory Access Control (MAC) #security classification #security clearance
