CompTIA Security Plus Mock Test Q904

The company’s sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports. Which of the following controls is preventing them from completing their work?

A. Discretionary access control
B. Role-based access control
C. Time of Day access control
D. Mandatory access control

Correct Answer: C
Section: Access Control and Identity Management

Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when
oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving or printing reports after a certain time.

Incorrect Answers:
A: Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner. Since the sales
team had access, and the restriction only kicked in after several hours, DAC cannot be responsible.
B: Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based
on the required tasks of that role. Since the sales team needs to save and print reports, they would not be restricted if restrictions were role-based.
D: Mandatory Access Control allows access to be granted or restricted based on the rules of classification. Since they had access earlier, they clearly had the necessary classification.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284