Ann has read and write access to an employee database, while Joe has only read access.
Ann is leaving for a conference. Which of the following types of authorization could be
utilized to trigger write access for Joe when Ann is absent?
A.
Mandatory access control
B.
Role-based access control
C.
Discretionary access control
D.
Rule-based access control
Can someone explain this one to me?
The Role Based Access Control, or RBAC, model provides access control based on the position an individual fills in an organization. So, instead of assigning John permissions as a security manager, the position of security manager already has permissions assigned to it. In essence, John would just need access to the security manager profile. RBAC makes life easier for the system administrator of the organization. The big issue with this access control model is that if John requires access to other files, there has to be another way to do it since the roles are only associated with the position; otherwise, security managers from other organizations could possibly get access to files they are unauthorized for.
As you can see Bright, the answer is Rule-based, not Role-based. I also thought it was role-based but apparently it´s rule-based. I don´t understand why. Is this a typo? Can somebody explain why it´s not role-based or DAC and explain why it´s rule-based?
The question about Role-based vs Rule-based is Question 179 in the SY0-401 v2 comptia security+ in case somebody on the right side recent comment wonders.
Rule-based access control is based on a set of approved instructions, such as
an access control list. Some rule-BAC systems use rules that trigger in
response to an event such as modifying ACLs after detecting an attack, or
granting additional permissions to a user in certain situations.
Whats this implies is Ann will create a rule that will be in effect when she is out, that grants John the access