CSSLP Question #135: Real Exam Question with Answer & Explanation

The correct answer is D: Mandatory Access Control. Mandatory Access Control (MAC) is an access control model that uses a predefined set of access privileges (sensitivity labels or security classifications) for system objects, which are enforced by the operating system or security kernel.

Secure Software Concepts

Question

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Options

ARole-Based Access Control
BDiscretionary Access Control
CPolicy Access Control
DMandatory Access Control

Explanation

Mandatory Access Control (MAC) is an access control model that uses a predefined set of access privileges (sensitivity labels or security classifications) for system objects, which are enforced by the operating system or security kernel.

Common mistakes.

A. Role-Based Access Control (RBAC) grants permissions to users based on their assigned organizational roles, not on predefined security levels of objects.
B. Discretionary Access Control (DAC) allows object owners to set permissions for other users, meaning privileges are determined by the owner, not a predefined system-wide set.
C. Policy Access Control is a broad term and not a specific, recognized access control model that inherently uses a predefined set of privileges for objects; MAC is a type of policy-based control.

Concept tested. Mandatory Access Control (MAC)

Reference. https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/mandatory-access-control

Topics

#Access Control Models#Mandatory Access Control#Security Principles

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions