Systems Security Certified Practitioner (SSCP) — Question 66

A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:

Answer options

• A. Mandatory Access Control
• B. Discretionary Access Control
• C. Non-Discretionary Access Control
• D. Rule-based Access control

Correct answer: A

Explanation

Mandatory Access Control (MAC) is the correct answer because it involves a central authority that dictates access permissions based on security policies. Discretionary Access Control (DAC) allows users to manage their own access rights, Non-Discretionary Access Control is not a standard term widely recognized in security frameworks, and Rule-based Access Control is a variation that uses rules to determine access but does not imply central authority.