CompTIA Security Plus Mock Test Q927

Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

A. Attributes based
B. Implicit deny
C. Role based
D. Rule based

Correct Answer: A
Section: Access Control and Identity Management

Explanation:
Attribute-based access control allows access rights to be granted to users via policies, which combine attributes together. The policies can make use of any type of attributes, which
includes user attributes, resource attributes and environment attributes.

Incorrect Answers:
B: Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default. An access control policy is not required for Implicit deny.
C: Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based
on the required tasks of that role. The question states that the access control policy should not be based on job function.
D: Rule-based access control is used for network devices, such as firewalls and routers, which filter traffic based on filtering rules. The question states that the access control policy
should based on individual user characteristics, not devices.

References:
http://en.wikipedia.org/wiki/Attribute-based_access_control
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 280, 284