(ISC)2 Certified in Cybersecurity Practice Exam

What access control method should be selected for effective access provisioning when employees transfer or get promoted?

• A. Role-based access controls (RBAC)
• B. Mandatory access controls (MAC)
• C. Discretionary access controls (DAC)
• D. Barbed wire

The correct answer is: Role-based access controls (RBAC)

Role-based access control (RBAC) is the most suitable access control method for managing access provisioning, especially when employees transfer or get promoted. This approach simplifies the management of user permissions by assigning access based on roles that reflect the user's responsibilities within the organization. When an employee's position changes, their role can be updated to grant appropriate access to the resources necessary for their new responsibilities without needing individual adjustments for each user. This ensures consistency across the organization and reduces the risk of excessive or inappropriate access rights, which can occur if controls are primarily discretionary or manually assigned. Mandatory access controls (MAC) are typically used in environments requiring strict data confidentiality, where access cannot be altered by end users. While MAC provides a high level of security, it lacks the flexibility needed for dynamic workforce management associated with promotions or transfers. Discretionary access controls (DAC) allow users to control access to their own resources, which can lead to inconsistencies and mismanagement, particularly when employees change roles. Access management becomes cumbersome and error-prone in such situations. The mention of "barbed wire" is irrelevant in the context of digital access control methods, emphasizing physical security measures instead. Therefore, the flexibility, efficiency, and security provided by RBAC make it the most