Which statement best describes the four main access control models: DAC, MAC, RBAC, and ABAC?

Prepare for the DSAC Annex F Test with structured quizzes and engaging exercises. Utilize flashcards and multiple-choice questions to learn effectively. Gear up for your test day success!

Multiple Choice

Which statement best describes the four main access control models: DAC, MAC, RBAC, and ABAC?

Explanation:
ABAC bases access decisions on attributes of the user, the resource, and the environment, evaluated through policies that combine these attributes. This attribute-driven approach lets decisions be context-aware and highly granular, using factors like user identity, role, time, location, and resource sensitivity to determine whether access is allowed. The other models work differently: Discretionary access control ties permissions to the resource owner’s discretion, often via ACLs; Mandatory access control enforces fixed system-wide classifications and rules; Role-based access control grants permissions to roles and assigns users to those roles. Because ABAC centers on attributes driving decisions, it best describes how access decisions are made in this model.

ABAC bases access decisions on attributes of the user, the resource, and the environment, evaluated through policies that combine these attributes. This attribute-driven approach lets decisions be context-aware and highly granular, using factors like user identity, role, time, location, and resource sensitivity to determine whether access is allowed. The other models work differently: Discretionary access control ties permissions to the resource owner’s discretion, often via ACLs; Mandatory access control enforces fixed system-wide classifications and rules; Role-based access control grants permissions to roles and assigns users to those roles. Because ABAC centers on attributes driving decisions, it best describes how access decisions are made in this model.

Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy