CompTIA Security Plus Mock Test Q899

The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

A. Rule based access control
B. Mandatory access control
C. User assigned privilege
D. Discretionary access control

Correct Answer: D
Section: Access Control and Identity Management

Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.

Incorrect Answers:
A: Rule-based access control is used for network devices that filter traffic based on filtering rules.
B: Mandatory Access Control allows access to be granted or restricted based on the rules of classification.
C: User assigned privilege is when permissions are allowed or refused based on a specific individual user.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284, 294