CompTIA
CV0-003 · Question #47
CV0-003 Question #47: Real Exam Question with Answer & Explanation
The correct answer is C: Discretionary. Discretionary Access Control (DAC) gives system administrators the direct ability to assign or revoke access rights on a per-user or per-resource basis, enabling fine-grained least-privilege implementations.
Security
Question
Which of the following access control types would give a system administrator the ability to assign access according to least privilege?
Options
- ARole based
- BRule based
- CDiscretionary
- DMandatory
Explanation
Discretionary Access Control (DAC) gives system administrators the direct ability to assign or revoke access rights on a per-user or per-resource basis, enabling fine-grained least-privilege implementations.
Common mistakes.
- A. Role-based access control assigns permissions through predefined role memberships rather than direct individual assignment, limiting the administrator's ability to grant granular least-privilege access outside of the defined role boundaries.
- B. Rule-based access control governs access through system-defined conditions such as time of day or source IP, not through administrator-driven individual user assignments.
- D. Mandatory Access Control enforces access based on security classification labels dictated by system policy, removing discretionary control from the administrator entirely and preventing per-user least-privilege tuning.
Concept tested. Discretionary Access Control and least privilege assignment
Reference. https://csrc.nist.gov/glossary/term/discretionary_access_control
Topics
#access control#least privilege#DAC#authorization
Community Discussion
No community discussion yet for this question.