ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A biotechnology firm stores research datasets on a Linux NFS share accessed by hundreds of scientists. Policy requires that the creator of each file must be able to grant or revoke read and write permissions on that file without involving the security team. The security team's role is limited to centrally auditing any permission changes. Which access control model should the administrator implement on the file share to meet this requirement?
Discretionary Access Control that lets file owners manage the Access Control List for their own files
Attribute-Based Access Control that evaluates user, action, and data sensitivity attributes at run time
Mandatory Access Control enforced through SELinux security labels and policies
Role-Based Access Control by assigning scientists to predefined groups
Discretionary Access Control (DAC) makes the object creator (or owner) responsible for setting and changing permissions on that object. Because owners can delegate access at their own discretion, DAC fits the requirement that scientists control permissions on files they create. Mandatory Access Control would place control in centrally-managed security labels, preventing owners from changing access. Role-Based Access Control would tie access to predefined roles or groups, not individual ownership decisions. Attribute-Based Access Control relies on evaluating multiple subject and object attributes, rather than simple owner-controlled ACLs, and still would not automatically give each creator control. Therefore, DAC is the appropriate model while allowing the security team to audit changes separately.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Discretionary Access Control (DAC)?
Open an interactive chat with Bash
What is an Access Control List (ACL) in the context of DAC?
Open an interactive chat with Bash
How can the security team audit changes made under DAC?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .