CompTIA Security Plus Mock Test Q896

Which of the following common access control models is commonly used on systems to ensure a “need to know” based on classification levels?

A. Role Based Access Controls
B. Mandatory Access Controls
C. Discretionary Access Controls
D. Access Control List

Correct Answer: B
Section: Access Control and Identity Management

Mandatory Access Control (MAC) grants or restricts access based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction under which some objects are off limits unless the subject has a need to know them.

Incorrect Answers:
A: Basically, Role-based Access Control is based on a user’s job description. It does not include the use of need to know.
C: Discretionary access control (DAC) is identity based, not based on classification levels.
D: Access Control List (ACL) specifies which users are allowed or refused the different types of available access based on the object type.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284