SY0-501 · Question #286
SY0-501 Question #286: Real Exam Question with Answer & Explanation
The correct answer is D: Discretionary access control. The organization aims to simplify access control and empower users to determine permissions for their files and directories. Discretionary access control (DAC) is the most suitable method as it allows resource owners to manage access.
Question
An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide user with the ability to determine what permissions should be applied to files, document, and directories. The access control method that BEST satisfies these objectives is:
Options
- ARule-based access control
- BRole-based access control
- CMandatory access control
- DDiscretionary access control
Explanation
The organization aims to simplify access control and empower users to determine permissions for their files and directories. Discretionary access control (DAC) is the most suitable method as it allows resource owners to manage access.
Common mistakes.
- A. Rule-based access control defines access based on a set of system-defined rules, which often adds complexity and does not inherently give individual users control over their own resource permissions.
- B. Role-based access control (RBAC) assigns permissions to roles, and users inherit those permissions by being assigned to a role, which does not provide users with the direct ability to determine permissions on their specific files and directories.
- C. Mandatory access control (MAC) strictly enforces system-wide access policies based on security labels and sensitivity levels, overriding user discretion, making it highly complex and directly contrary to empowering users to manage their own file permissions.
Concept tested. Access control models (DAC, MAC, RBAC)
Community Discussion
No community discussion yet for this question.