ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During the design of a government analytics platform that stores documents labeled Confidential, Secret, and Top Secret, the security architect decides that a single security administration office will assign clearances, and individual users must never be able to change who can read or write a file. Which access control model best meets this requirement?
Implement a mandatory access control (MAC) scheme that uses centrally managed security labels to enforce access decisions.
Adopt an attribute-based access control (ABAC) model that evaluates user and resource attributes at run time.
Use discretionary access control (DAC) so each document owner can grant read or write permissions as needed.
Create role-based access control (RBAC) roles that correspond to the Confidential, Secret, and Top Secret classifications.
A mandatory access control (MAC) system bases access decisions on fixed security labels (e.g., Confidential, Secret, Top Secret) assigned to both subjects (users, processes) and objects (files, databases) by a central authority. Once these labels and the overarching policy are set, individual owners cannot alter them, ensuring consistent enforcement of information flow rules-a key need in high-security government environments.
Discretionary Access Control allows the data owner to grant or revoke permissions, violating the requirement that users must not change access. Role-Based Access Control relies on roles rather than immutable security labels and still lets administrators delegate changes. Attribute-Based Access Control evaluates attributes at run time and does not inherently prohibit owners or administrators from modifying policies. Therefore, only MAC guarantees that access is determined exclusively by a central policy authority and immutable labels.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is mandatory access control (MAC)?
Open an interactive chat with Bash
Why is DAC not suitable for high-security environments?
Open an interactive chat with Bash
How does MAC differ from Role-Based Access Control (RBAC)?
Open an interactive chat with Bash
What features of MAC make it suitable for high-security environments?
Open an interactive chat with Bash
How does MAC differ from DAC and RBAC?
Open an interactive chat with Bash
Why wouldn’t ABAC work as well as MAC in this case?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Implementation
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .