(ISC)2 Certified in Cybersecurity Practice Exam

Which type of access control lists typically include explicit permissions for users?

• A. Discretionary Access Control
• B. Role-Based Access Control
• C. Network Access Control
• D. Mandatory Access Control

The correct answer is: Discretionary Access Control

Discretionary Access Control (DAC) is the correct answer because it allows the owner of a resource, such as a file or directory, to determine who has access to that resource and what kind of access they have. In DAC systems, permissions are explicitly assigned by the resource owner to users or groups, meaning that the owner can grant or revoke access rights at their discretion. This model is flexible and user-friendly, as it enables users to control access based on their specific needs and the trust they have in other users. In contrast, Role-Based Access Control (RBAC) organizes access permissions based on roles assigned to users, rather than explicitly defined permissions for each individual user. This could mean that multiple users may share the same access level based on their roles, which doesn't involve the same degree of individual discretion as DAC. Network Access Control (NAC) focuses primarily on policies for network access and security controls, including measures taken to regulate who can access a network and how. While it deals with permissions, it does so within the context of network security rather than file or resource ownership. Mandatory Access Control (MAC) is a stricter approach where access rights are regulated by a central authority based on multiple levels of security. Users cannot alter permissions; they