SY0-301 · Question #184
Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?
The correct answer is A. Attributes based. Attribute-Based Access Control (ABAC) grants or denies access based on individual user attributes such as department, clearance level, or location - not on assigned job roles.
Question
Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?
Options
- AAttributes based
- BImplicit deny
- CRole based
- DRule based
How the community answered
(32 responses)- A88% (28)
- B3% (1)
- C3% (1)
- D6% (2)
Why each option
Attribute-Based Access Control (ABAC) grants or denies access based on individual user attributes such as department, clearance level, or location - not on assigned job roles.
ABAC evaluates policies against a set of attributes associated with the user, the resource, and the environment at the time of the access request. This allows fine-grained, individual-level access decisions that go beyond broad job function groupings, satisfying the requirement for characteristics-based control.
Implicit deny is a default-deny rule stating that anything not explicitly permitted is blocked; it is a policy stance, not an access control model based on user characteristics.
Role-based access control (RBAC) assigns permissions to roles and then assigns users to those roles - it is explicitly based on job function, which the question rules out.
Rule-based access control applies static, predefined rules (e.g., time-of-day restrictions) rather than evaluating individual user characteristics.
Concept tested: Attribute-Based Access Control (ABAC) vs RBAC
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-162.pdf
Topics
Community Discussion
No community discussion yet for this question.