An access control model where each resource is protected by an access control list (ACL) managed by the resource's owner is best described as which model?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

An access control model where each resource is protected by an access control list (ACL) managed by the resource's owner is best described as which model?

Explanation:
Discretionary Access Control is about owner‑controlled permissions. In this model, the resource has an access control list that the owner maintains, detailing which users or groups can perform which operations on that resource. The owner can grant, modify, or revoke access at their discretion, making access decisions based on the owner’s choices for each object. This contrasts with models where access is driven by roles (RBAC) or by centralized policies that aren’t owner-driven (MAC). Attestation isn’t a method for controlling access to resources, and a Group Account is simply a shared account, not a way to model access control decisions.

