Back to Identity and Access Management

Access Control Models

5 minutes 5 Questions

Access control models are frameworks that define how users, systems, and applications are granted or denied access to resources within an organization. Access control models ensure a least privilege approach and maintain the principle of separation of duties. Some common access control models inclu…

Test mode:
Start practice test
CompTIA Security+ - Access Control Models Example Questions

Test your knowledge of Access Control Models

Question 1

A network administrator needs to manage access to a resource based on a set of predefined rules dictated by a security policy. Which access control model should be used?

Correct Answer: Rule-Based Access Control

The scenario describes the need to manage access based on a set of predefined rules. This perfectly matches the definition of Rule-Based Access Control (RBAC), where permissions to access resources are allocated based on established and enforced rules. In the other models, access to resources is given differently: Discretionary Access Control (DAC) allows owners of the resource to grant access, Role-Based Access Control (RBAC) assigns roles to users and grant permissions based on those roles, and Mandatory Access Control (MAC) controls access based on information classification and user clearances.

Question 2

A government organization needs to control access to highly classified documents based on the clearance level of personnel and the sensitivity of the information. Which access control model should be implemented?

Correct Answer: Mandatory Access Control (MAC)

In this scenario, Mandatory Access Control (MAC) is the best choice because it enforces access control based on the clearance levels of personnel and the sensitivity of information, meeting the organization's requirements to control access to classified documents.

Question 3

An organization wants to implement an access control model where resources can be accessed based on specific conditions, such as time of day and the user's location. Which access control model should be used?

Correct Answer: Rule-Based Access Control (RBAC)

Rule-Based Access Control (RBAC) is the correct choice for this scenario because it evaluates predefined rules to determine access, such as time of day or user location, which aligns well with the organization's requirements.

More Access Control Models questions
11 questions (total)
Start 11 question test