An administrator must ensure that nonessential employees cannot establish a VPN session to the corporate network outside of normal business hours (09:00-17:00 local time). Which access control model should the administrator configure to BEST enforce this requirement?
Rule-based access control relies on administrator-defined rules that the system evaluates whenever a user requests access. A common rule condition is the current time, allowing the administrator to permit VPN connections only between 09:00 and 17:00 and automatically block attempts made outside that window.
Role-based access control groups permissions by job function, but it does not inherently evaluate environmental factors such as time. Mandatory access control enforces access decisions through centrally assigned security labels, and discretionary access control leaves permission settings to the resource owner. None of these models offers a straightforward way to enforce a time-of-day policy, making rule-based access control the best fit for this scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Rule-Based Access Control enforce time restrictions?
Open an interactive chat with Bash
What is the main difference between Rule-Based and Role-Based Access Control?
Open an interactive chat with Bash
Can Rule-Based Access Control be combined with other models?