CompTIA Security+ (SY0-601) — Question 199

A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider?

Answer options

• A. Mandatory
• B. Rule-based
• C. Discretionary
• D. Role-based

Correct answer: A

Explanation

The correct answer is A, Mandatory, as it involves strict policies where access to information is based on classification levels and need-to-know principles. Rule-based (B) and Discretionary (C) access control models do not enforce the same level of security based on classification, while Role-based (D) focuses on user roles rather than the specific sensitivity of the data.