In ABAC, which factors are used to determine access decisions?

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

In ABAC, which factors are used to determine access decisions?

Explanation:
ABAC makes access decisions by evaluating multiple attributes across three areas: who the user is, what the resource is, and the context of the request. User attributes include things like identity, role, department, and clearance. Resource attributes cover properties such as owner, classification, sensitivity, and type. Environment attributes encompass the context of the access request, like time of day, location, network security, and device health. This combination lets policies specify nuanced rules, such as: a user in a particular role can access certain resources only during business hours on a trusted network, and only if the resource has a matching sensitivity level. That’s why using all three attribute types is the essence of ABAC. Relying on only one aspect—such as user roles, or ownership, or environmental state alone—fails to capture the full, flexible access control that ABAC aims to provide.

