Certified Information Systems Security Professional (CISSP) — Question 334
Which type of access control includes a system that allows only users who are type=managers and department=sales to access employee records?
Answer options
- A. Role-based access control (RBAC)
- B. Attribute-based access control (ABAC)
- C. Discretionary access control (DAC)
- D. Mandatory access control (MAC)
Correct answer: B
Explanation
The correct answer is B, Attribute-based access control (ABAC), as it grants access based on specific attributes like user type and department. Option A, Role-based access control (RBAC), is based on user roles rather than individual attributes. Options C and D, Discretionary access control (DAC) and Mandatory access control (MAC), do not focus on user attributes but rather on owner discretion and strict policies, respectively.