Certified Information Systems Security Professional (CISSP) — Question 162

Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

Answer options

• A. Mandatory Access Control (MAC) and Discretionary Access Control (DAC)
• B. Discretionary Access Control (DAC) and Access Control List (ACL)
• C. Role Based Access Control (RBAC) and Mandatory Access Control (MAC)
• D. Role Based Access Control (RBAC) and Access Control List (ACL)

Correct answer: D

Explanation

The correct answer is D because Role Based Access Control (RBAC) and Access Control List (ACL) are both relevant to ABAC in that they involve the use of attributes to determine access permissions. Options A, B, and C mention access control methods that do not directly align with the attribute-based approach, therefore they do not represent characteristics of ABAC.