Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

ISC2 Exam ISSMP Topic 3 Question 44 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 44
Topic #: 3
[All ISSMP Questions]

Which of the following options is an approach to restricting system access to authorized users?

Show Suggested Answer Hide Answer
Suggested Answer: C

Role-based access control (RBAC) is an approach to restricting system access to authorized users. It is a newer alternative approach to mandatory access control (MAC) and discretionary access control (DAC). RBAC is sometimes referred to as role-based security. RBAC is a policy neutral and flexible access control technology sufficiently powerful to simulate DAC and MAC. Conversely, MAC can simulate RBAC if the role graph is restricted to a tree rather than a partially ordered set.

Answer option A is incorrect. Discretionary access control (DAC) is a kind of access control defined by the Trusted Computer System Evaluation Criteria as 'a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject'.

Answer option D is incorrect. Mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules to determine if the operation is allowed.

Answer option B is incorrect. Mandatory Integrity Control (MIC), also called Integrity levels, is a core security feature, introduced in Windows Vista and Windows Server 2008, which adds Integrity Levels (IL) to processes running in a login session. This mechanism is able to selectively restrict the access permissions of certain programs or software components which are considered to be potentially less trustworthy, compared with other software running under the same user account which is more trusted.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77