
ISC2 ISSAP Exam - Topic 6 Question 30 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 30
Topic #: 6

You work as an administrator for Techraft Inc. Employees of your company create 'products', which are supposed to be given different levels of access. You need to configure a security policy in such a way that an employee (producer of the product) grants accessing privileges (such as read, write, or alter) for his product.

Which of the following access control models will you use to accomplish this task?

Suggested Answer: A

object and what privileges they have.

Two important concepts in DAC are as follows:

File and data ownership: Every object in the system has an owner. In most DAC systems, each object's initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.

Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.

Access controls may be discretionary in ACL-based or capability-based access control systems.

Note: In capability-based systems, there is no explicit concept of owner, but the creator of an object has a similar degree of control over its access policy.

Answer option C is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as 'secret', he cannot grant permission to other users to see this object unless they have the appropriate permission.

Answer option D is incorrect. An access control list (ACL) is an ordered list of access control entries (ACEs). Each ACE identifies a trustee and specifies a set of access rights allowed, denied, or audited for that trustee. A security descriptor of an object contains two ACL types. They are as follows:

Discretionary Access Control List (DACL): It identifies a specified trustee that is allowed or denied access to a securable object.

System Access Control List (SACL): It enables an administrator to log attempts for accessing a secured object.

Answer option B is incorrect. Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data. Therefore, he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources. This situation can also be handled using the RBAC model.
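The two DAC concepts in the explanation above (ownership by the creating subject, and owner-assigned rights) can be seen in a small reference monitor for the 'products' scenario. This is an added example, not part of the original page; the names `DacStore`, `create`, `grant`, `check` and the subjects are hypothetical, and it assumes that a granted right does not include the ability to re-grant it.

```python
# Added illustration: a minimal DAC reference monitor for the 'products' scenario.
# All class, method and subject names are hypothetical.
RIGHTS = {"read", "write", "alter"}

class DacStore:
    def __init__(self):
        self.owner = {}   # object -> owning subject
        self.acl = {}     # object -> {subject: set of rights}

    def create(self, subject, obj):
        # The initial owner is the subject that caused the object to be created.
        if obj in self.owner:
            raise ValueError(f"{obj} already exists")
        self.owner[obj] = subject
        self.acl[obj] = {subject: set(RIGHTS)}

    def grant(self, grantor, obj, grantee, rights):
        # Only the owner determines the access policy for the object.
        if self.owner.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        rights = set(rights)
        if not rights <= RIGHTS:
            raise ValueError(f"unknown rights: {sorted(rights - RIGHTS)}")
        self.acl[obj].setdefault(grantee, set()).update(rights)

    def check(self, subject, obj, right):
        # Default deny: no ACL entry means no access.
        return right in self.acl.get(obj, {}).get(subject, set())


def demo():
    # Constructed scenario: alice produces product-1 and shares read access with bob.
    store = DacStore()
    store.create("alice", "product-1")
    store.grant("alice", "product-1", "bob", {"read"})
    try:
        store.grant("bob", "product-1", "carol", {"read"})  # bob is not the owner
        bob_could_grant = True
    except PermissionError:
        bob_could_grant = False
    return {
        "bob_read": store.check("bob", "product-1", "read"),
        "bob_write": store.check("bob", "product-1", "write"),
        "carol_read": store.check("carol", "product-1", "read"),
        "bob_could_grant": bob_could_grant,
    }
```

Under MAC, by contrast, the `grant` decision would depend on the object's label and the grantee's authorization rather than on who owns the object.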


Laura
4 months ago
MAC? Nah, that’s too restrictive for this scenario.
upvoted 0 times
Leana
4 months ago
ACL could work too, but DAC seems more fitting.
upvoted 0 times
Britt
4 months ago
Wait, can DAC really handle all those levels of access?
upvoted 0 times
Alisha
4 months ago
I agree, DAC is the way to go here!
upvoted 0 times
Jade
5 months ago
Definitely DAC, it lets producers control access.
upvoted 0 times
Nettie
5 months ago
Access Control Lists (ACL) could be relevant, but I think they are more about specifying permissions rather than letting users grant access themselves.
upvoted 0 times
Gracie
5 months ago
I feel like Mandatory Access Control (MAC) is too rigid for this scenario. It doesn't seem like the right fit for employee-driven access.
upvoted 0 times
Nancey
5 months ago
I think this might be about Discretionary Access Control (DAC) since it allows users to manage their own access rights.
upvoted 0 times
Karrie
5 months ago
I'm not entirely sure, but I remember something about Role-Based Access Control (RBAC) being more structured. Could that apply here?
upvoted 0 times
Cristy
5 months ago
Hmm, this is a tricky one. I think the Xbar-R charts might be the best option since they can handle outliers and subgroups.
upvoted 0 times
Joaquin
5 months ago
I think the answer is 3 charts, but I'm not 100% confident. I'll make a note to double-check that in the documentation.
upvoted 0 times