ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A file-share uses role-based access control. The Finance role currently grants read access to every object in the department's folder. Finance managers must now be the only users who can open six highly sensitive spreadsheets, while all other Finance staff must keep their existing access to the remaining documents. Which change best applies object-based access within the RBAC model and minimises administrative overhead?
Create a Finance-Managers role that contains permissions only for the six confidential spreadsheets and add that role to the manager accounts in addition to their existing Finance role.
Convert the share to mandatory access control and label the six spreadsheets "Secret" so only managers with a matching clearance can open them.
Add explicit deny entries for every non-manager user on the access control lists of the six spreadsheets.
Replace the Finance role with an attribute-based policy that grants access when the user's jobTitle attribute equals "Finance Manager".
In RBAC, permissions are attached to roles and are evaluated when a user activates a role. To restrict access to a specific subset of objects, the cleanest solution is to create a new, more restrictive role whose permission set is limited to those spreadsheets and to assign only the managers to it. Because roles can be combined, managers keep the general Finance role for ordinary files while their additional, object-specific role grants them exclusive access to the sensitive objects. Switching to a different control model (MAC or ABAC), adding deny permissions to every non-manager, or embedding user accounts in ACLs all either depart from RBAC or impose far greater administrative burden and risk of error.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls