Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 Exam ISSAP Topic 6 Question 30 Discussion

Actual exam question for ISC2's Information Systems Security Architecture Professional exam
Question #: 30
Topic #: 6
[All Information Systems Security Architecture Professional Questions]

You work as an administrator for Techraft Inc. Employees of your company create 'products', which are supposed to be given different levels of access.

You need to configure a security policy in such a way that an employee (producer of the product) grants accessing privileges (such as read,

write, or alter) for his product.

Which of the following access control models will you use to accomplish this task?

Show Suggested Answer Hide Answer
Suggested Answer: A

object and what privileges they have.

Two important concepts in DAC are as follows:

File and data ownership: Every object in the system has an owner. In most DAC systems, each object's initial owner is the subject that

caused it to be created. The access policy for an object is determined by its owner.

Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.

Access controls may be discretionary in ACL-based or capability-based access control systems.

Note: In capability-based systems, there is no explicit concept of owner, but the creator of an object has a similar degree of control over its

access policy.

Answer option C is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the

system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an

object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as 'secret', he cannot grant

permission to other users to see this object unless they have the appropriate permission.

Answer option D is incorrect. An access control list (ACL) is an ordered list of access control entries (ACEs). Each ACE identifies a trustee and

specifies a set of access rights allowed, denied, or audited for that trustee. A security descriptor of an object contains two ACL types. They are

as follows:

Discretionary Access Control List (DACL): It identifies a specified trustee that is allowed or denied access to a securable object.

System Access Control List (SACL): It enables an administrator to log attempts for accessing a secured object.

Answer option B is incorrect. Role-based access control (RBAC) is an access control model. In this model, a user can access resources

according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data. Therefore,

he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources.

This situation can also be handled using the RBAC model.


by Judy at May 05, 2022, 05:45 AM

Limited Time Offer

25%

Off

Get Premium ISSAP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!


Save Cancel