Q: 10
DRAG DROP Match the name of access control model with its associated restriction. Drag each access control model to its appropriate restriction access on the right. 
Drag & Drop
Discussion
Got the same matches as in the official practice test:
Mandatory Access Control → End user cannot set controls
Discretionary Access Control (DAC) → Subject has total control over objects
Role Based Access Control (RBAC) → Dynamically assigns permissions to duties by job function
Rule based access control → Dynamically assigns roles based on custodian criteria.
Quick check in the ISC2 guide confirmed this layout. Pretty standard, but wording can trip you up if you're not careful.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control over objects, RBAC → Dynamically assigns permissions by job function, Rule based → Dynamically assigns roles to subjects by custodian criteria. Had something similar in a mock and this pairing matched exactly. Pretty sure this is the standard CISSP mapping.
These wording twists always mess people up, classic CISSP. The mapping should be:
- Mandatory Access Control → End user cannot set controls
- Discretionary Access Control (DAC) → Subject has total control over objects
- Role Based Access Control (RBAC) → Dynamically assigns permissions by job function
- Rule based access control → Dynamically assigns roles to subjects based on criteria assigned by a custodian
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control over objects, RBAC → permissions by job function, Rule based → custodian criteria. Had something like this in a mock, looks solid.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control over objects, RBAC → Dynamically assigns permissions to duties by job function, Rule based → Dynamically assigns roles using custodian criteria.
Mandatory Access Control to end user cannot set controls, DAC to total control, RBAC to job function, Rule based to custodian criteria. That's how I see it lining up for CISSP. Pretty sure that's what the exam wants.
Yeah, the mapping goes: MAC to end user cannot set controls, DAC to total control, RBAC to job function, Rule based to custodian criteria. Matches how CISSP outlines each model. Pretty confident in this.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control, RBAC → job function, Rule based → criteria. Just watch out: RBAC and Rule based get mixed up if you forget that roles are static in pure RBAC. Seen similar on practice tests.
MAC to End user cannot set controls, DAC to total control, RBAC to job function, Rule based to custodian criteria.
RBAC to custodian criteria, Rule based to job function. That's how I matched them.
Be respectful. No spam.
