ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

While architecting a cloud-hosted healthcare platform, the team must ensure records labeled Public, Sensitive, or Restricted are only accessible according to those labels. Only the organization's security officer may modify the policy; application owners or tenant admins cannot delegate or change permissions themselves. Which access control model meets these constraints?

Attribute-Based Access Control (ABAC)
Role-Based Access Control (RBAC)
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)

Report Issue

Answer Description

Mandatory Access Control (MAC) relies on centrally managed security labels assigned to both subjects and objects. Access decisions are enforced by the system based on these labels, and only a designated authority (e.g., a security officer) can alter the policy. Discretionary Access Control permits data owners to grant rights to others, Role-Based Access Control assigns permissions through roles that administrators can usually modify, and Attribute-Based Access Control evaluates user and object attributes but similarly allows policy changes by authorized administrators. Because the scenario demands classification labels and prohibits users or administrators from changing rules, only MAC satisfies the requirement.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What is Mandatory Access Control (MAC)?

Open an interactive chat with Bash

How does MAC differ from DAC, RBAC, and ABAC?

Open an interactive chat with Bash

Why is MAC the preferred model for high-security environments like healthcare and government systems?

Open an interactive chat with Bash

What distinguishes Mandatory Access Control (MAC) from other access control models?

Open an interactive chat with Bash

Why is MAC preferred for systems with strict data classification like healthcare?

Open an interactive chat with Bash

How do security labels work within the MAC model?

Open an interactive chat with Bash

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)

Secure Software Implementation

Your Score:

Settings & Objectives

Secure Software Concepts

Secure Software Lifecycle Management

Secure Software Requirements

Secure Software Architecture and Design

Secure Software Implementation

Secure Software Testing

Secure Software Deployment, Operations, Maintenance

Secure Software Supply Chain

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot