Which access control model enforces access decisions at the system level and is not controlled by individual users?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Certified Identity and Access Manager Exam using flashcards and multiple-choice questions. Gain insights into the exam format, practice with real-world scenarios, and ensure your success in becoming a certified professional.

Multiple Choice

Which access control model enforces access decisions at the system level and is not controlled by individual users?

Explanation:
In this model, access decisions are driven by centralized policies and security labels rather than by individual users. Mandatory Access Control enforces who can access what based on fixed rules (such as clearance levels and object classifications) applied by the system. Users cannot override these rules or grant access to others, even if they own the data. This centralized, policy-driven enforcement is what keeps access decisions from being controlled at the user level. By contrast, discretionary access control depends on the owner to grant permissions, so access is user-controlled. An access control matrix is a way to represent who can do what, but it’s a structure rather than a model that enforces the policy. Data confidentiality is a security objective, not a mechanism for enforcing access decisions.

In this model, access decisions are driven by centralized policies and security labels rather than by individual users. Mandatory Access Control enforces who can access what based on fixed rules (such as clearance levels and object classifications) applied by the system. Users cannot override these rules or grant access to others, even if they own the data. This centralized, policy-driven enforcement is what keeps access decisions from being controlled at the user level.

By contrast, discretionary access control depends on the owner to grant permissions, so access is user-controlled. An access control matrix is a way to represent who can do what, but it’s a structure rather than a model that enforces the policy. Data confidentiality is a security objective, not a mechanism for enforcing access decisions.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy