Which of the following correctly describes role-based access control?

A.
It allows you to specify and enforce enterprise-specific security policies in a way that maps to
your user profile groups.

B.
It allows you to specify and enforce enterprise-specific security policies in a way that maps to
your organization's structure.

C.
It allows you to specify and enforce enterprise-specific security policies in a way that maps to
your ticketing system.

D.
It allows you to specify and enforce enterprise-specific security policies in a way that maps to
your ACL.

Explanation:
Role based access control (RBAC) is an alternative to traditional discretionary (DAC)
and mandatory access control (MAC) policies. The principal motivation behind RBAC is
the desire to specify and enforce enterprise-specific security policies in a way that
maps naturally to an organization’s structure. Traditionally, managing security has
required mapping an organization’s security policy to a relatively low-level set of
controls, typically access control lists.




Ahmed

Vague question and vague answers.
Here is what NIST says about Role Based AC:
“A key feature of this model is that all access is through roles. A role is essentially a collection of permissions, and all users receive permissions only through the roles to which they are assigned, or through roles they inherit through the role hierarchy. Within an organization, roles are relatively stable, while users and permissions are both numerous and may change rapidly. Controlling all access through roles therefore simplifies the management and review of access controls.”
http://csrc.nist.gov/groups/SNS/rbac/faq.html