Systems Security Certified Practitioner (SSCP) — Question 52

Which access control model is also called Non Discretionary Access Control (NDAC)?

Answer options

• A. Lattice based access control
• B. Mandatory access control
• C. Role-based access control
• D. Label-based access control

Correct answer: C

Explanation

The correct answer is C, Role-based access control, as it is defined as a non-discretionary model where access rights are assigned based on roles within an organization. Options A, B, and D refer to different models that do not fit the definition of NDAC, as they either allow for user discretion or do not specifically align with the concept of role-based access.