CompTIA Security+ (SY0-601) — Question 555

A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use?

Answer options

• A. Role-based
• B. Need-to-know
• C. Mandatory
• D. Discretionary

Correct answer: A

Explanation

Role-based access control (RBAC) is the best option because it allows permissions to be assigned based on job roles, making it easier to manage access for users performing similar tasks. Need-to-know access is focused on information sensitivity rather than job roles, while mandatory and discretionary controls do not align with the requirement for job-based access.