Which access control model assigns permissions based on the user's role within an organization?

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

Which access control model assigns permissions based on the user's role within an organization?

Explanation:
Role-based access control (RBAC) assigns permissions based on the user’s role within an organization. In this model, access rights are created for defined roles (such as “Employee,” “Manager,” or “Finance Analyst”), and individuals are granted those roles. The system then provides or restricts access according to the permissions attached to each role. This makes provisioning straightforward: when someone changes jobs, you adjust their role memberships rather than reconfiguring permissions for each resource. It also supports consistent enforcement of least privilege and helps with auditing and separation of duties, since roles can be designed to include only the necessary rights for a given function.

Discretionary access control relies on the resource owner to grant access, which can lead to inconsistent permissions and harder administration. Mandatory access control uses fixed security labels and classifications rather than job functions. Attribute-based access control makes decisions based on multiple attributes (of the user, resource, and environment) rather than roles. The scenario described—permissions tied to organizational roles—matches role-based access control best.
