ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
While auditing a government workload running on Amazon EC2 instances that enforce SELinux, you must verify that the file-permission model meets Mandatory Access Control (MAC) requirements. Which statement correctly characterizes how access to classified files is enforced in a true MAC system?
Access decisions are determined by a central policy that compares user clearance with file classification labels, and only designated security administrators may change those labels.
Membership in Linux groups associated with each file controls access, and users can request to be added to those groups.
File owners can override the system policy by running chmod to grant additional users read access.
Users receive access dynamically when their AWS IAM session tags, such as project ID and location, match attributes assigned to the file.
Mandatory Access Control relies on a centrally defined security policy that uses subject clearances and object classification labels. Ordinary users, including file creators, cannot bypass the policy or change those labels; only a trusted security administrator can do so. This contrasts with Discretionary Access Control, where owners grant permissions with commands such as chmod; group-based controls that depend on membership lists; or attribute-based systems that evaluate dynamic tags. The correct option therefore reflects the centrally administered, label-driven nature of MAC, whereas the distractors each describe alternative access-control models.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SELinux and how does it relate to Mandatory Access Control (MAC)?
Open an interactive chat with Bash
How does Mandatory Access Control (MAC) differ from Discretionary Access Control (DAC)?
Open an interactive chat with Bash
How do classifications and clearances work in a Mandatory Access Control system?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .