CompTIA CySA+ (CS0-003) — Question 459

A company wants to grant access to identity administrators who are completing similar tasks. Which of the following access control models should the company use?

Answer options

• A. Mandatory access
• B. Role-based access
• C. Attribute-based access
• D. Discretionary access

Correct answer: B

Explanation

Role-based access control (RBAC) is the correct choice because it allows the company to assign permissions based on the roles of users, making it ideal for identity administrators with similar responsibilities. Mandatory, attribute-based, and discretionary access controls do not provide the same level of efficiency or simplicity for managing access across multiple individuals performing similar tasks.