Which access control model is described as permissions provided by the system and cannot be amended by users, governed by administrator-defined rules?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the EC-Council Network Defense Essentials Exam with flashcards and multiple-choice questions. Each question includes detailed explanations and hints to boost your preparation. Be confident and ready to succeed!

Multiple Choice

Which access control model is described as permissions provided by the system and cannot be amended by users, governed by administrator-defined rules?

Explanation:
This describes Mandatory Access Control. In this model, access decisions are driven by a centrally defined security policy that the administrator sets, using system-enforced rules and labels. Users cannot modify permissions—only the administrator can change the policy or labeling. The system consistently enforces who can access what based on those rules, regardless of the individual owner’s preferences or actions. Rule-based access control is related in that it uses policies to grant or deny access, but the defining idea here is that permissions are imposed and enforced by the system under administrator-defined rules, not by user discretion. Discretionary access control lets owners grant permissions, which contradicts the “cannot be amended by users” aspect. Role-based access control grants access based on defined roles, which still involves policy but is organized around roles rather than the blanket, system-enforced policy emphasis of mandatory access control.

This describes Mandatory Access Control. In this model, access decisions are driven by a centrally defined security policy that the administrator sets, using system-enforced rules and labels. Users cannot modify permissions—only the administrator can change the policy or labeling. The system consistently enforces who can access what based on those rules, regardless of the individual owner’s preferences or actions.

Rule-based access control is related in that it uses policies to grant or deny access, but the defining idea here is that permissions are imposed and enforced by the system under administrator-defined rules, not by user discretion. Discretionary access control lets owners grant permissions, which contradicts the “cannot be amended by users” aspect. Role-based access control grants access based on defined roles, which still involves policy but is organized around roles rather than the blanket, system-enforced policy emphasis of mandatory access control.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy