A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:

A central authority determines what subjects can have access to certain objects based on the
organizational security policy is called:

A.
Mandatory Access Control

B.
Discretionary Access Control

C.
Non-Discretionary Access Control

D.
Rule-based Access Control

Explanation:
Reference: pg 46 Krutz: CISSP Prep Guide: Gold Edition