Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your team is designing an API for an electronic health record system hosted in a cloud environment. All users authenticate via SAML SSO. The security policy states that any licensed physician may read any patient record, but only the record's attending physician may modify it. Which authorization model best satisfies this requirement at the API layer?

  • Attribute-Based Access Control (ABAC) policies evaluated by the API gateway

  • Discretionary Access Control (DAC) allowing physicians to maintain access control lists on their patients' records

  • Role-Based Access Control (RBAC) with static physician and nurse roles

  • Mandatory Access Control (MAC) that labels each patient record with a fixed sensitivity level

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Concepts
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot