CompTIA Security Plus Mock Test Q895

A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?

A. Mandatory access control
B. Discretionary access control
C. Rule based access control
D. Role based access control

Correct Answer: A
Section: Access Control and Identity Management

Explanation:
Mandatory Access Control (MAC) allows access to be granted or restricted based on the rules of classification. MAC in corporate business environments involve the following four
sensitivity levels
Public
Sensitive
Private
Confidential
MAC assigns subjects a clearance level and assigns objects a sensitivity label. The name of the clearance level must be the same as the name of the sensitivity label assigned to
objects or resources. In this case the file is marked confidential, and the user does not have that clearance level and cannot access the file.

Incorrect Answers:
B: Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner, not on its
clearance level.
C: Rule-based access control is used for network devices that filter traffic based on filtering rules.
D: Role-based Access Control is basically based on a user’s job description.