CompTIA Security Plus Mock Test Q893

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?

A. Implicit deny
B. Role-based Access Control
C. Mandatory Access Controls
D. Least privilege

Correct Answer: C
Section: Access Control and Identity Management

Explanation:
Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security
restriction where some objects are restricted unless the subject has a need to know them.

Incorrect Answers:
A: Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default.
B: Basically, Role-based Access Control is based on a user’s job description. It does not include the use of need to know.
D: Least privilege states that users should only be granted the minimum necessary access, permissions, and privileges that are required for them to accomplish their work tasks. It
does not include the use of need to know.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284