(ISC)2 Certified in Cybersecurity Practice Exam


Which of the following models offers a higher level of security by enforcing strict access control policies across an organization?

  1. Discretionary Access Control

  2. Mandatory Access Control

  3. Role-Based Access Control

  4. Rule-Based Access Control

The correct answer is: Mandatory Access Control

Mandatory Access Control (MAC) offers a higher level of security due to its stringent enforcement of access control policies that are determined by a central authority rather than individual users. In a MAC environment, users are granted access to resources based on their security clearances and the classification of the information. This means that access is strictly controlled and cannot be changed arbitrarily by the users, thereby reducing the risk of data breaches that can occur in systems where users have discretion over access levels. This model is particularly effective in environments that require compliance with regulatory standards and protection of sensitive information, as it helps ensure that access controls are consistently applied and audited.

By contrast, other models like Discretionary Access Control (DAC) allow users more flexibility and control over their own resources, which can introduce vulnerabilities. Role-Based Access Control (RBAC) balances flexibility and security by assigning permissions based on roles, but it does not enforce the strict access policies found in MAC. Rule-Based Access Control applies specific rules but may not offer the same rigid structuring as MAC, making it less comprehensive in its preventive measures against unauthorized access.