ISC2 Exam ISSAP Topic 6 Question 29 Discussion

Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is

restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the label

assigned to it. For example, if a user receives a copy of an object that is marked as 'secret', he cannot grant permission to other users to see

this object unless they have the appropriate permission.

Answer options B, D, and C are incorrect. Event log, security log, System Access Control List (SACL) are not used to decide access control on

an object in the mandatory access control (MAC) environment.

A system access control list (SACL) is one type of access control list (ACL). It enables an administrator to log attempts to access a secured

object. It controls the audit messages or records when an access attempt fails or succeeds. Each ACE in an access control list specifies the

types of access attempts by a specified trustee. A computer can then generate a record in the security event log.