Q: 1
DRAG DROP Match the name of access control model with its associated restriction. Drag each access control model to its appropriate restriction access on the right. 
Drag & Drop
Discussion
Mandatory Access Control → End user cannot set controls, Discretionary Access Control → Subject has total control over objects, Role Based Access Control → Duties based on job function, Rule-based access control → Roles by custodian. That's how I've seen it lined up in most CISSP guides, fits what they're asking. Open to debate if anyone reads it differently.
I don’t think RBAC is total control, that’s DAC. Trap here is mixing up role and rule-based since the names are close. Should be: MAC → End user cannot set controls, DAC → Subject has total control, RBAC → Duties/jobs, Rule-based → Roles by custodian.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control over objects, RBAC → Duties based on job function, Rule-based → Roles by custodian. Pretty sure this matches textbook definitions, at least that's what most practice tests show. Correct me if I'm missing something.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control, RBAC → Duties by job function, Rule-based → Roles by custodian. Nice clear mapping on this one.
Mandatory Access Control → End user cannot set controls, Discretionary Access Control → Subject has total control over objects, Role Based Access Control → Dynamically assigns permissions based on job function, Rule based access control → Dynamically assigns roles by custodian criteria. I've seen similar wording in CISSP practice, and there's a trap with swapping RBAC and Rule-based-easy to mix up. Pretty sure this mapping is correct but open to discussion if someone spots a nuance.
Totally agree with MAC to end user cannot set controls, DAC is subject has total control, RBAC ties permissions to job functions, and Rule-based is roles via custodian criteria. That's how most CISSP sources show it. Pretty confident but always open to another take if anyone sees it different.
I see the confusion, but pretty sure it's MAC for end user can't set controls, DAC for subject has total control over objects, RBAC for job function duties, Rule-based for roles by custodian criteria. That's how official CISSP guides usually match them up. Correct me if you see it differently!
Mandatory Access Control → End user cannot set controls, Discretionary Access Control → Subject has total control over objects, RBAC → Dynamically assigns permissions to duties by job function, Rule-based → Dynamically assigns roles to subjects via criteria by custodian. That's the match most CISSP material uses. Pretty sure this is right but let me know if you spot a catch.
Had something like this in a mock, in a practice set: MAC to end user can't set controls, DAC to subject total control, RBAC to permissions by job function, Rule-based to roles by custodian criteria. Pretty standard CISSP mapping.
So the mapping should be: Mandatory Access Control → End user cannot set controls, DAC → Subject has total control, RBAC → Duties/job function, Rule-based → Roles by custodian. There's a catch though-sometimes rule-based gets confused with RBAC if you miss how the criteria are set. Double-checked exam reports on this.
Be respectful. No spam.
