CISSP · Question #921
The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover. Which access control mechanism would be preferre
The correct answer is D. Role-Based Access Control (RBAC). In environments with high employee turnover, Role-Based Access Control (RBAC) is preferred because permissions are assigned to roles rather than individuals, simplifying access management when staff frequently change.
Question
Options
- AAttribute Based Access Control (ABAC)
- BDiscretionary Access Control (DAC)
- CMandatory Access Control (MAC)
- DRole-Based Access Control (RBAC)
How the community answered
(25 responses)- A8% (2)
- B16% (4)
- C4% (1)
- D72% (18)
Why each option
In environments with high employee turnover, Role-Based Access Control (RBAC) is preferred because permissions are assigned to roles rather than individuals, simplifying access management when staff frequently change.
ABAC grants access based on multiple attributes (user, resource, environment) evaluated dynamically, which adds administrative complexity that is counterproductive in a high-turnover environment where rapid, straightforward onboarding and offboarding is needed.
DAC allows resource owners to set permissions on an individual, discretionary basis, which is difficult to manage consistently at scale and becomes a security liability in high-turnover environments where access assignments may not be promptly revoked.
MAC enforces access based on system-defined sensitivity labels and clearance levels assigned by a central authority, making it rigid and complex to administer-it is typically used in government or military environments where strict data classification is paramount, not in dynamic IT workplaces with high turnover.
RBAC assigns permissions to predefined roles (e.g., 'Help Desk Technician' or 'Network Admin') rather than to individual users, so when an employee leaves or joins, administrators simply assign or revoke a role rather than reconfiguring individual permissions. This dramatically reduces administrative overhead in high-turnover environments, minimizing the risk of orphaned accounts or excessive privileges lingering after an employee departs.
Concept tested: Access control model selection for dynamic workforce environments
Source: https://csrc.nist.gov/projects/role-based-access-control
Topics
Community Discussion
No community discussion yet for this question.