Which model is nondiscretionary and relies on a predefined set of rules or restrictions to grant access in a nondiscretionary manner?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which model is nondiscretionary and relies on a predefined set of rules or restrictions to grant access in a nondiscretionary manner?

Explanation:
Access decisions are governed by policy rather than the resource owner’s choices. Nondiscretionary models enforce a central policy that controls who can access what, independent of who owns the resource. Rule-Based Access Control matches this idea because access is granted or denied according to a predefined set of rules or restrictions that the system enforces. Those rules dictate decisions uniformly across subjects and objects, rather than being decided at the discretion of individual owners. While other models use roles (RBAC), attributes (ABAC), or security labels (MAC) as the basis for access, the distinctive feature here is the explicit rule engine that applies a fixed policy to determine access.

Access decisions are governed by policy rather than the resource owner’s choices. Nondiscretionary models enforce a central policy that controls who can access what, independent of who owns the resource. Rule-Based Access Control matches this idea because access is granted or denied according to a predefined set of rules or restrictions that the system enforces. Those rules dictate decisions uniformly across subjects and objects, rather than being decided at the discretion of individual owners. While other models use roles (RBAC), attributes (ABAC), or security labels (MAC) as the basis for access, the distinctive feature here is the explicit rule engine that applies a fixed policy to determine access.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy