nerdexam
CompTIA

SY0-301 · Question #77

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?

The correct answer is C. Mandatory Access Controls. Mandatory Access Control (MAC) enforces access based on security labels or classifications (e.g., Top Secret, Secret, Confidential) assigned to both data and users, combined with need-to-know rules. This matches the scenario exactly. Role-based Access Control (RBAC) (B) assigns p

General security concepts

Question

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?

Options

  • AImplicit deny
  • BRole-based Access Control
  • CMandatory Access Controls
  • DLeast privilege

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    5% (2)
  • C
    89% (34)
  • D
    3% (1)

Explanation

Mandatory Access Control (MAC) enforces access based on security labels or classifications (e.g., Top Secret, Secret, Confidential) assigned to both data and users, combined with need-to-know rules. This matches the scenario exactly. Role-based Access Control (RBAC) (B) assigns permissions based on job roles, not classification levels. Implicit deny (A) is a rule that blocks all traffic not explicitly permitted. Least privilege (D) is a general principle of granting minimum required access, not a specific model based on data classification.

Topics

#mandatory access controls#data classification#need-to-know#access control models

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice