CompTIA Security Plus Mock Test Q986

Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handling Ann’s administrative capabilities. Which of the following systems should be deployed?

A. Role-based
B. Mandatory
C. Discretionary
D. Rule-based


Correct Answer: C
Section: Access Control and Identity Management

Explanation:
In a Discretionary Access Control (DAC) model, network users have some flexibility regarding how information is accessed. This model allows users to share information dynamically with other users.
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.
In this question, Ann has requested that she have the ability to assign read and write privileges to her folders. Read and write access to Ann’s files will be granted by Ann at her discretion. Therefore, this is an example of Discretionary Access Control.

Incorrect Answers:
A: Role-Based Access Control (RBAC) models approach the problem of access control based on established roles in an organization. This does not enable Ann to provide access to her files regardless of user role. Therefore, this answer is incorrect.
B: Mandatory Access Control allows access to be granted or restricted based on the rules of classification. It does not enable Ann to provide access to her files regardless of user role. Therefore, this answer is incorrect.
D: Rule-Based Access Control (RBAC) uses the settings in preconfigured security policies to make all decisions. Ann needs to provide access to her files based on her discretion, not based on preconfigured security policies. Therefore, this answer is incorrect.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 151-152