Mandatory Access Control: Subjects and Data Objects

Question

When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?

Answers

Explanations

A. Owner
B. System
C. Administrator
D. User

C.

In a mandatory access control (MAC) environment, access to data objects is controlled by a set of rules, rather than the discretion of individual users or system administrators. In this environment, access control is enforced by the operating system itself, using labels or tags associated with both the subjects (such as users or processes) and the objects (such as files or network resources) being accessed.

The answer to the question is D. User. In a MAC environment, each user is assigned a security clearance level, and each object is assigned a security classification level. Access to an object is granted only if the user's clearance level is greater than or equal to the object's classification level. For example, a user with a "Top Secret" clearance can access an object that is classified as "Top Secret" or lower, but cannot access an object classified as "Above Top Secret."

The other options are not correct because:

  • A. Owner: refers to the person who owns the object, but does not necessarily determine who can access it in a MAC environment.
  • B. System: refers to the operating system itself, but does not specify access control rules.
  • C. Administrator: refers to a user with administrative privileges, but does not determine access control rules in a MAC environment.

It's also worth noting that MAC is one of several access control models, alongside discretionary access control (DAC), role-based access control (RBAC), and attribute-based access control (ABAC), each with its own characteristics and use cases.