Under the level C2 security classification, what does “discretionary access control” mean?
A.
Discretionary access control means that the owner of a resource must be able to use that resource
B.
Discretionary access control is the ability of the system administrator to limit the time any user spends on a computer
C.
Discretionary access control is a policy that limits the use of any resource to a group or a security profile
D.
Discretionary access control is a rule set by the security auditor to prevent others from downloading unauthorized scripts or programs.
Explanation:
This is a definition, and basically it says that the owner of the resource should be able to use the resource. The point is simple, what good is a security system if no one can do their work. Some people will joke that the most secure system is a system that is powered off. And in some senses, this is correct, if the computer is powered off, no code is executed, so no damage can occur. But there would be no discretionary access since the owners of the resources would not be able to use those resources.
Incorrect Answers:
B,C,D: are wrong because they do not fall into the definition, as explained above.