CompTIA Security Plus Mock Test Q897

Which of the following access controls enforces permissions based on data labeling at specific levels?

A. Mandatory access control
B. Separation of duties access control
C. Discretionary access control
D. Role based access control


Correct Answer: A
Section: Access Control and Identity Management

Explanation:
In a MAC environment everything is assigned a classification marker. Subjects are assigned a clearance level and objects are assigned a sensitivity label.

Incorrect Answers:
B: Separation of duties divides administrator or privileged tasks into separate groupings, which in turn, is individually assigned to unique administrators. It does not involve labelling at
specific levels.
C: Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner. It does not
involve labelling at specific levels.
D: Basically, Role-based Access Control is based on a user’s job description. It does not involve labelling at specific levels.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284