GIAC
GCIH · Question #326
GCIH Question #326: Real Exam Question with Answer & Explanation
The correct answer is D: Mandatory Access Control. Mandatory Access Control (MAC) enforces security policy through system-assigned sensitivity labels, removing discretion from individual users.
Incident Response & Cyber Kill Chain
Question
Which of the following controls is described in the statement given below? "It ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at."
Options
- A. Role-based Access Control
- B. Attribute-based Access Control
- C. Discretionary Access Control
- D. Mandatory Access Control
Explanation
Mandatory Access Control (MAC) enforces security policy through system-assigned sensitivity labels, removing discretion from individual users.
Common mistakes.
- A. Role-Based Access Control grants permissions based on a user's assigned role within an organization, not through sensitivity labels assigned to data.
- B. Attribute-Based Access Control evaluates a combination of user, resource, and environmental attributes dynamically, which differs from label-based MAC enforcement.
- C. Discretionary Access Control allows resource owners to set permissions at their own discretion, meaning enforcement does rely on user compliance, which is the opposite of what the statement describes.
Concept tested. Mandatory Access Control sensitivity labels and enforcement
Reference. https://csrc.nist.gov/glossary/term/mandatory_access_control
Topics
#mandatory access control #sensitivity labels #security policy enforcement #access control models