Page 1547 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

 6.  D. A nondiscretionary access control model uses a central authority
     to determine which objects (such as files) users (and other subjects)
     can access. In contrast, a Discretionary Access Control (DAC) model
     allows users to grant or reject access to any objects they own. An
     ACL is an example of a rule-based access control model. An access
     control matrix includes multiple objects, and it lists each subject's
     access to each of the objects.

 7.  D. A Role Based Access Control (RBAC) model can group users into
     roles based on the organization's hierarchy, and it is a
     nondiscretionary access control model. A nondiscretionary access
     control model uses a central authority to determine which objects
     subjects can access. In contrast, a Discretionary Access Control
     (DAC) model allows users to grant or reject access to any objects
     they own. An ACL is an example of a rule-based access control model
     that uses rules, not roles.

 8.  A. The Role Based Access Control (RBAC) model is based on role or
     group membership, and users can be members of multiple groups.
     Users are not limited to only a single role. RBAC models are based
     on the hierarchy of an organization, so they are hierarchy based.
     The Mandatory Access Control (MAC) model uses assigned labels to
     identify access.

 9.  D. A programmer is a valid role in a Role Based Access Control
     (RBAC) model. Administrators would place programmers' user accounts
     into the Programmer role and assign privileges to this role. Roles
     are typically used to organize users, and the other answers are not
     users.

10.  D. A rule-based access control model uses global rules applied to
     all users and other subjects equally. It does not apply rules
     locally, or to individual users.

11.  C. Firewalls use a rule-based access control model with rules
     expressed in an access control list. A Mandatory Access Control
     (MAC) model uses labels. A Discretionary Access Control (DAC) model
     allows users to assign permissions. A Role Based Access Control
     (RBAC) model organizes users in groups.
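The distinction answers 6 through 8 draw between a discretionary model (the object's owner grants access), a nondiscretionary RBAC model (a central authority assigns roles, and a user may hold several) and an access control matrix (one row per subject, listing rights on every object) can be made concrete in code. The following is an added Python example, not from the study guide; the two store classes, the "admin" authority account and the sample users and files are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DacStore:
    """Discretionary Access Control: every object has an owner, and only the
    owner may grant another subject rights on it (constructed toy model)."""
    owners: dict[str, str]                                   # object -> owner
    acl: dict[str, dict[str, set[str]]] = field(default_factory=dict)

    def grant(self, actor: str, obj: str, subject: str, right: str) -> None:
        if self.owners.get(obj) != actor:                    # not the owner: no say
            raise PermissionError(f"{actor} does not own {obj}")
        self.acl.setdefault(obj, {}).setdefault(subject, set()).add(right)

    def allowed(self, subject: str, obj: str, right: str) -> bool:
        return (self.owners.get(obj) == subject
                or right in self.acl.get(obj, {}).get(subject, set()))


@dataclass
class RbacStore:
    """Role Based Access Control, a nondiscretionary model: only the central
    authority (the constructed 'admin' account) assigns roles, and a user
    may hold several roles at once."""
    role_perms: dict[str, set[tuple[str, str]]]              # role -> {(object, right)}
    user_roles: dict[str, set[str]] = field(default_factory=dict)
    authority: frozenset = frozenset({"admin"})

    def assign(self, actor: str, user: str, role: str) -> None:
        if actor not in self.authority:                      # owners cannot hand out roles
            raise PermissionError(f"{actor} is not the central authority")
        self.user_roles.setdefault(user, set()).add(role)

    def allowed(self, subject: str, obj: str, right: str) -> bool:
        # A right is granted if any one of the subject's roles carries it.
        return any((obj, right) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(subject, set()))


def access_matrix(store, subjects, objects, rights) -> dict[str, dict[str, set[str]]]:
    """Access control matrix: one row per subject listing its rights on each object.
    Works for either store, since both expose allowed(subject, obj, right)."""
    return {s: {o: {r for r in rights if store.allowed(s, o, r)} for o in objects}
            for s in subjects}
```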