ISC2 CISSP Practice Question

The correct answer is Mandatory Access Control (MAC). This model is characterized by centrally controlled access rights based on clearance levels, where the system or security administrators determine the access levels rather than the data owners. In MAC, users cannot share or transfer their access rights to others, as access is strictly governed by security labels and clearance levels.

Discretionary Access Control (DAC) is incorrect because in DAC, the data owner determines who can access the resources and can delegate those permissions to others.

Role-Based Access Control (RBAC) is incorrect because while it does involve assigning permissions to roles rather than individual users, it doesn't inherently involve clearance levels and doesn't prevent delegation if the implementation allows it.

Attribute-Based Access Control (ABAC) is incorrect because it makes access decisions based on attributes of users, resources, and environmental conditions rather than clearance levels alone.