(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What access control model is used in a government agency where all data is classified and clearance levels determine access?

  1. MAC (mandatory access control)

  2. DAC (discretionary access control)

  3. RBAC (role-based access control)

  4. FAC (formal access control)

The correct answer is: MAC (mandatory access control)

The access control model utilized in a government agency where all data is classified and access is determined by clearance levels is known as Mandatory Access Control (MAC). In this model, access to resources is strictly regulated based on predefined security levels and classifications. Each piece of data is assigned a security classification (such as confidential, secret, or top secret), and individuals are granted access based on their security clearance level. This means that users cannot change permissions, and access is enforced by the system according to the rules set by the organization.

In MAC, the focus is on enforcing the organization's security policies rather than allowing individual users to decide who can access their resources. This is particularly important in governmental contexts, where protecting sensitive information is critical for national security.

Other access control models, such as Discretionary Access Control (DAC), allow users to have control over their own data and decide who gets access, which is not suitable for a scenario requiring strict adherence to clearance levels. Role-Based Access Control (RBAC) assigns permissions based on roles rather than clearance levels, making it less relevant in environments where access depends on a rigid hierarchy of security classifications. Formal Access Control (FAC) is not a widely recognized model in the context of achieving security in the way needed for government