nerdexam
CompTIA

SY0-301 · Question #184

Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

The correct answer is A. Attributes based. Attribute-Based Access Control (ABAC) grants or denies access based on individual user attributes such as department, clearance level, or location - not on assigned job roles.

General security concepts

Question

Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

Options

  • AAttributes based
  • BImplicit deny
  • CRole based
  • DRule based

How the community answered

(32 responses)
  • A
    88% (28)
  • B
    3% (1)
  • C
    3% (1)
  • D
    6% (2)

Why each option

Attribute-Based Access Control (ABAC) grants or denies access based on individual user attributes such as department, clearance level, or location - not on assigned job roles.

AAttributes basedCorrect

ABAC evaluates policies against a set of attributes associated with the user, the resource, and the environment at the time of the access request. This allows fine-grained, individual-level access decisions that go beyond broad job function groupings, satisfying the requirement for characteristics-based control.

BImplicit deny

Implicit deny is a default-deny rule stating that anything not explicitly permitted is blocked; it is a policy stance, not an access control model based on user characteristics.

CRole based

Role-based access control (RBAC) assigns permissions to roles and then assigns users to those roles - it is explicitly based on job function, which the question rules out.

DRule based

Rule-based access control applies static, predefined rules (e.g., time-of-day restrictions) rather than evaluating individual user characteristics.

Concept tested: Attribute-Based Access Control (ABAC) vs RBAC

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-162.pdf

Topics

#attribute-based access control#ABAC#authorization#access control

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice