Adaptive Policy-driven access control, also known as risk-adaptive access control, is correct because it incorporates real-time risk assessments based on context, such as user behavior, device security status, and data sensitivity, to adapt access permissions dynamically, thereby limiting the scope of threats by granting access based on policies that respond to perceived risk levels. While Role-based access control (RBAC) is statically designed based on predefined roles and Discretionary access control (DAC) is based on the resource owner's discretion, neither adapts dynamically to changing threat landscapes. Mandatory access control (MAC) is policy-based but not adaptive to real-time risks.