Which access control technique evaluates a set of attributes that each subject possesses to determine if access should be granted?

Multiple Choice

Which access control technique evaluates a set of attributes that each subject possesses to determine if access should be granted?

Explanation:
Attribute-Based Access Control evaluates a collection of attributes tied to the subject (and often to the resource and the environment) to decide whether access should be granted. These attributes can include things like user role, department, clearance level, and even contextual factors such as time of day or location. A policy defines which attribute values permit access, and the system makes the decision by matching the subject’s attributes against that policy. This approach enables fine-grained, dynamic access decisions that can adapt as attributes change, without needing to rewrite permissions. For example, access might be granted only if the user has the appropriate clearance, belongs to the correct department, and makes the request within approved hours. Other models differ: rule-based access relies on explicit rules, mandatory access control uses fixed security labels, and least privilege is a guiding principle rather than a decision mechanism.
