A network administrator is setting up access control for highly sensitive financial records that should be accessible only to the company's executive team. Which of the following methods would be the most appropriate to enforce strict access based on predefined permissions and roles?
Role-Based Access Control (RBAC) is the most suitable choice because it assigns permissions according to the roles that users hold within an organization. In this scenario, a single role such as "executive" can be granted the necessary rights, ensuring that only those users can see the records.
Mandatory Access Control (MAC) is highly secure and label-oriented but is designed around fixed classification levels and can be cumbersome to adjust for changing organizational roles.
Discretionary Access Control (DAC) leaves permission decisions to resource owners, which is more flexible but less stringent and can lead to accidental over-sharing.
Attribute-Based Access Control (ABAC) offers very fine-grained, attribute-driven policies, but that level of complexity is unnecessary when a straightforward role assignment meets the requirements.
Therefore, RBAC best matches the need for role-centric, easily managed restrictions.