An enterprise security architect is redesigning the enterprise's permission model. The goal is to grant users access to information systems strictly according to predefined job functions, such as Payroll Clerk, Systems Operator, and SOC Analyst, while minimizing administrative overhead when employees transfer between departments. Which access-control model best meets this requirement?
Role-based access control (RBAC) assigns permissions to roles that correspond to job functions. Administrators simply move users in or out of roles, so privileges automatically align with each person's current responsibilities, reducing manual effort and the risk of excessive access.

- Discretionary access control (DAC) lets resource owners decide access individually, which is flexible but hard to standardize across an enterprise.
- Attribute-based access control (ABAC) can enforce fine-grained, dynamic policies but requires complex attribute management and does not inherently map to static job functions.
- Mandatory access control (MAC) enforces access via security labels and clearance levels, making it appropriate for highly classified environments, not for routine business roles.
ISC2 CISSP
Identity and Access Management (IAM)