Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 44

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

Answer options

• A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
• B. MAC is the strictest of all levels of control and DAC is object-based access
• C. DAC is controlled by the operating system and MAC is controlled by an administrator
• D. DAC is the strictest of all levels of control and MAC is object-based access

Correct answer: B

Explanation

The correct answer is B because mandatory access control (MAC) is indeed the strictest level of access control, enforcing policies that cannot be altered by users, whereas discretionary access control (DAC) allows owners to dictate access rights to their resources. The other options incorrectly describe the roles of MAC and DAC, misrepresenting who controls them and their nature.