Certified Information Systems Security Professional (CISSP) — Question 208
Which of the following access control mechanisms characterizes subjects and objects using a set of encoded security-relevant properties?
Answer options
- A. Mandatory access control (MAC)
- B. Role-based access control (RBAC)
- C. Attribute-based access control (ABAC)
- D. Discretionary access control (DAC)
Correct answer: C
Explanation
The correct answer is C, Attribute-based access control (ABAC), as it uses a set of attributes to define access rights, making it highly flexible. In contrast, Mandatory access control (MAC) relies on predefined policies, Role-based access control (RBAC) assigns access based on roles rather than attributes, and Discretionary access control (DAC) allows users to control access to their own resources, which does not use encoded properties.