Access Management Policy at XYZ Company | CS0-002 Exam Question Answer

Access Management Policy

Question

A company's senior human resources administrator left for another position, and the assistant administrator was promoted into the senior position.

On the official start day, the new senior administrator planned to ask for extended access permissions but noticed the permissions were automatically granted on that day.

Which of the following describes the access management policy in place at the company?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

D.

The access management policy in place at the company can be described as "Role-based access control" or simply "Role-based" for short, which is option D.

Role-based access control (RBAC) is a security approach that restricts system access to authorized users based on their roles within an organization. Each user is assigned a role based on their responsibilities and job duties, and access rights are granted based on those roles. This approach simplifies access management by enabling administrators to assign and manage permissions based on the roles assigned to users, rather than managing individual permissions for each user.

In this scenario, the new senior human resources administrator noticed that the extended access permissions were automatically granted on their official start day. This suggests that the access permissions were assigned based on the new administrator's role, rather than any other factors. This aligns with the principles of role-based access control, where access rights are assigned based on the user's role.

Mandatory access control (MAC) is a policy-based access control system where the system administrator defines access rules and enforces them throughout the system. Host-based access control involves implementing access control mechanisms at the host level. Federated access involves enabling users to access resources across multiple systems and domains without having to remember multiple sets of credentials.

Therefore, based on the given scenario, the access management policy in place at the company can be best described as role-based access control (RBAC).