ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A defense contractor must standardize permissions for project files on multiple Windows and Linux servers. Access must follow data classification labels (Confidential, Secret, Top-Secret) tied to personnel clearances. Local administrators cannot create exceptions, and permissions must persist when a file is copied within the domain. Which access control approach BEST meets these needs?
Deploy an Attribute-Based Access Control solution that evaluates user claims and file tags at run time.
Use Discretionary Access Control with inherited Access Control Lists that mirror the classification hierarchy.
Apply Role-Based Access Control by assigning project roles and linking them to shared folder permissions.
Implement a centrally managed Mandatory Access Control system that assigns fixed classification labels to files and clearances to users.
Mandatory Access Control (MAC) enforces system-wide policies defined and maintained centrally by a security authority, not by resource owners or local administrators. Objects receive fixed classification labels and subjects receive matching clearance labels; the operating system evaluates every request against these labels, so the rules remain intact even when data is moved.
Discretionary Access Control allows owners or administrators to change ACLs, violating the "no exceptions" requirement.
Role-Based Access Control ties permissions to job roles, but administrators can still alter role memberships or object permissions.
Attribute-Based Access Control is flexible but, like RBAC, relies on modifiable policies and is not designed specifically to enforce unchangeable classification labels.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls