Certified Information Systems Security Professional (CISSP) — Question 455
A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?
Answer options
- A. Minimum access control
- B. Limited role-based access control (RBAC)
- C. Access control list (ACL)
- D. Rule-based access control
Correct answer: D
Explanation
Rule-based access control (RBAC) is correct because it allows access based on specific rules, such as time constraints. The other options do not offer the same level of granularity for time-based restrictions; for instance, Minimum access control and Limited RBAC do not inherently include time-based rules, while ACLs typically manage permissions without time restrictions.