Certified Information Systems Security Professional (CISSP) — Question 470
Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?
Answer options
- A. Mandatory Access Control (MAC)
- B. Attribute Based Access Control (ABAC)
- C. Role Based Access Control (RBAC)
- D. Discretionary Access Control (DAC)
Correct answer: B
Explanation
The correct answer is B, Attribute Based Access Control (ABAC), because it evaluates access requests based on attributes of users, resources, and the context. The other options, Mandatory Access Control (MAC), Role Based Access Control (RBAC), and Discretionary Access Control (DAC), do not incorporate contextual factors or attributes in the same flexible manner that ABAC does.