Which of the following best describes an RBAC access control model?

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

Which of the following best describes an RBAC access control model?

Explanation:

RBAC is about granting access through roles. In this model, permissions are tied to roles rather than to individual users. Users are assigned to one or more roles, and their access rights come from the permissions attached to those roles. This mirrors real job functions: a role such as a developer, manager, or auditor carries specific permissions, and people obtain those rights simply by occupying the role. It makes administration easier because you assign permissions to roles once and assign users to roles, rather than wiring permissions for each user individually. It also supports principles like least privilege and separation of duties by structuring which actions each role can perform.

The other options describe attribute-based access concepts. In those models, access is determined by attributes of the user, resource, action, or environment, not by roles, so those descriptions don’t fit RBAC. Time-based schedules or environmental attributes are typical elements of ABAC or policy-based approaches, not the defining feature of RBAC.
