nerdexam
GIAC

GSEC · Question #273

GSEC Question #273: Real Exam Question with Answer & Explanation

The correct answer is C. Variable trust access control. This scenario describes an access control model that applies different authentication requirements based on network location, representing variable trust access control.

Question

A web application requires multifactor authentication when a user accesses the application from a home office but does not require this when the user is in the office. What access control model is this describing?

Options

  • ALattice based access control
  • BAccess control list
  • CVariable trust access control
  • DRole based access control

Explanation

This scenario describes an access control model that applies different authentication requirements based on network location, representing variable trust access control.

Common mistakes.

  • A. Lattice-based access control uses security labels and clearance levels to define subject-to-object access relationships, not contextual factors like network location.
  • B. An access control list defines specific permissions for users or groups on resources but does not dynamically adjust authentication requirements based on location or context.
  • D. Role-based access control grants permissions based on a user's assigned organizational role, not based on the network location or environmental context from which they connect.

Concept tested. Context-aware variable trust access control

Reference. https://csrc.nist.gov/publications/detail/sp/800-207/final

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GSEC Practice