What is called a type of access control where a central authority determines what subjects can
have access to certain objects, based on the organizational security policy?
A.
Mandatory Access Control
B.
Discretionary Access Control
C.
Non-discretionary Access Control
D.
Rule-based access control
Explanation:
Non-Discretionary Access Control. A central authority determines what subjects can
have access to certain objects based on organizational security policy. The access controls may
be based on the individual’s role in the organization (role-based) or the subject’s responsibilities
and duties (task-based).
Pg. 33 Krutz: The CISSP Prep Guide.