CISSP – Information Systems Security Management Professional (ISSMP) — Question 63

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Answer options

• A. Role-Based Access Control
• B. Mandatory Access Control
• C. Policy Access Control
• D. Discretionary Access Control

Correct answer: B

Explanation

Mandatory Access Control (MAC) is the correct answer as it relies on a strict set of rules defined by a central authority regarding access rights. In contrast, Role-Based Access Control (RBAC) assigns permissions based on user roles, Policy Access Control is not a standard model, and Discretionary Access Control (DAC) allows users to control access to their own resources, making them less rigid than MAC.