CompTIA SecurityX (CAS-005) — Question 146
A security manager at a local hospital wants to secure patient medical records. The manager needs to:
• Choose an access control model that clearly defines who has access to sensitive information.
• Prevent those who enter new patient information from specifying who has access to this data.
Which of the following access control models is the best way to ensure the lowest risk of granting unintentional access?
Answer options
- A. Rule-based
- B. Attribute-based
- C. Mandatory
- D. Discretionary
Correct answer: C
Explanation
Mandatory access control (MAC) is the most suitable model because it enforces strict policies that dictate who can access sensitive information, which prevents unauthorized access. Under MAC, the staff who enter new patient information cannot specify who has access to it. In contrast, the Rule-based and Attribute-based models provide flexibility that could lead to unintentional access, while Discretionary access control allows users to set permissions themselves, which can increase risk.