Which access control models are commonly used to implement least-privilege in IAM?

Multiple Choice

Which access control models are commonly used to implement least-privilege in IAM?

Explanation:
Implementing least-privilege in IAM relies on models that define what users can do based on roles or attributes, granting only the minimal permissions needed for their work. Role-Based Access Control (RBAC) assigns permissions through defined roles. Users receive roles that already contain the necessary privileges for their job, so access is limited to what those roles require, which makes enforcement straightforward and scalable across an organization. Attribute-Based Access Control (ABAC) takes a different approach by evaluating attributes—of the user, the resource, the action, and the environment—against policies to grant access. This allows very fine-grained control and can adapt to changing contexts, ensuring users have exactly what they need (and nothing more) in varying situations.

Time-Based Access Control and Location-Based Access Control are useful constraints, but they don’t by themselves establish the minimal set of permissions across resources. They’re best viewed as additional gates that can complement RBAC or ABAC. Discretionary Access Control gives owners broad latitude to grant access, which can lead to privilege creep and weaker enforcement of least privilege.

Together, RBAC and ABAC provide structured, policy-driven ways to assign and enforce the least-privilege principle in IAM, making them the best fit for implementing tight, appropriate access.