Access Control Models for User Account Authorization | SY0-601 Exam Question

Access Control Models

Question

A user has attempted to access data at a higher classification level than the user's account is currently authorized to access.

Which of the following access control models has been applied to this user's account?

Answers

Explanations

A. B. C. D.

A.

The access control models that determine how data and resources can be accessed and managed in a system include the following:

A. Mandatory Access Control (MAC): This is a security model that controls access to resources based on security labels. In a MAC system, security labels are assigned to both users and objects. Users are granted a security clearance level, and objects are assigned a security classification level. Access to an object is granted only if the user's clearance level is greater than or equal to the object's classification level. Therefore, if a user attempts to access data at a higher classification level than their clearance level, they will be denied access.

B. Discretionary Access Control (DAC): In DAC, the owner of a resource or an administrator determines who is granted access to a resource. DAC provides the owner with full control over who can access the resource and what they can do with it. Therefore, if a user is denied access to data under DAC, it means that the owner or administrator has not granted the user access; the decision does not depend on a classification level.

C. Role-Based Access Control (RBAC): This is a security model in which access to resources is granted based on the roles assigned to users within an organization. In RBAC, users are assigned to roles, and roles are assigned permissions to access resources. Therefore, if a user attempts to access data at a higher classification level than their authorized role, they will be denied access.

D. Attribute-Based Access Control (ABAC): In ABAC, access to resources is granted based on a set of attributes associated with the user, the resource, and the environment. These attributes can include a user's identity, job title, location, time of day, and many other factors. Access decisions are made based on policies that evaluate the attributes associated with the user, resource, and environment. Therefore, if a user attempts to access data at a higher classification level than their authorized attributes, they will be denied access.

Therefore, based on the scenario described in the question, it can be concluded that the access control model applied to the user's account is Mandatory Access Control (MAC), as the user attempted to access data at a higher classification level than their authorized clearance level.
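
The four models described above, evaluated against a single read request, as an added example that is not part of the original page. The level names, the users, the resource, and the function names are constructed for illustration; the point is that only the MAC check compares a clearance against a classification, and an owner's grant cannot override it.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):  # constructed label set, ordered low to high
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass
class User:
    name: str
    clearance: Level                             # MAC: label assigned to the user
    roles: set = field(default_factory=set)      # RBAC: roles held by the user
    attrs: dict = field(default_factory=dict)    # ABAC: user attributes

@dataclass
class Resource:
    name: str
    classification: Level                            # MAC: label assigned to the object
    owner: str
    acl: set = field(default_factory=set)            # DAC: users the owner granted read
    allowed_roles: set = field(default_factory=set)  # RBAC: roles permitted to read
    policy: dict = field(default_factory=dict)       # ABAC: required attribute values

def mac_read(u, r):
    # Access only if clearance is greater than or equal to classification.
    return u.clearance >= r.classification

def dac_read(u, r):
    # The owner decides: the owner, or anyone the owner put on the ACL.
    return u.name == r.owner or u.name in r.acl

def rbac_read(u, r):
    # At least one of the user's roles must carry the permission.
    return bool(u.roles & r.allowed_roles)

def abac_read(u, r, env):
    # Every attribute the policy names must match user or environment attributes.
    ctx = {**u.attrs, **env}
    return all(ctx.get(k) == v for k, v in r.policy.items())

def decide(u, r, env):
    return {"MAC": mac_read(u, r), "DAC": dac_read(u, r),
            "RBAC": rbac_read(u, r), "ABAC": abac_read(u, r, env)}

# Constructed scenario: clearance CONFIDENTIAL, data classified SECRET.
alice = User("alice", Level.CONFIDENTIAL, {"analyst"}, {"department": "finance"})
report = Resource("q3-report", Level.SECRET, owner="bob", acl={"alice"},
                  allowed_roles={"analyst"},
                  policy={"department": "finance", "network": "corp"})

if __name__ == "__main__":
    print(decide(alice, report, {"network": "corp"}))
```

Here the owner's ACL, the role, and the attributes would all permit the read; the MAC check alone denies it because the object's classification is higher than the user's clearance, which is the situation the question describes.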