A security administrator is implementing an access control model that assigns permissions based on the clearance of the subject and the classification of the object. Which model is being implemented?
Trap 1: Role-Based Access Control (RBAC)
RBAC uses roles, not clearance/classification.
Trap 2: Discretionary Access Control (DAC)
DAC allows the owner to set permissions.
Trap 3: Attribute-Based Access Control (ABAC)
ABAC uses attributes but not necessarily clearance/classification.
- A
Role-Based Access Control (RBAC)
Why wrong: RBAC uses roles, not clearance/classification.
- B
Discretionary Access Control (DAC)
Why wrong: DAC allows the owner to set permissions.
- C
Attribute-Based Access Control (ABAC)
Why wrong: ABAC uses attributes but not necessarily clearance/classification.
- D
Mandatory Access Control (MAC)
MAC uses clearance and classification labels.