Q: 10
DRAG DROP Match the name of access control model with its associated restriction. Drag each access control model to its appropriate restriction access on the right. 
Drag & Drop
Discussion
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control over objects, RBAC → permissions by job function, Rule based → custodian criteria. Had something like this in a mock, looks solid.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control over objects, RBAC → Dynamically assigns permissions to duties by job function, Rule based → Dynamically assigns roles using custodian criteria.
Mandatory Access Control to end user cannot set controls, DAC to total control, RBAC to job function, Rule based to custodian criteria. That's how I see it lining up for CISSP. Pretty sure that's what the exam wants.
Yeah, the mapping goes: MAC to end user cannot set controls, DAC to total control, RBAC to job function, Rule based to custodian criteria. Matches how CISSP outlines each model. Pretty confident in this.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control, RBAC → job function, Rule based → criteria. Just watch out: RBAC and Rule based get mixed up if you forget that roles are static in pure RBAC. Seen similar on practice tests.
MAC to End user cannot set controls, DAC to total control, RBAC to job function, Rule based to custodian criteria.
Mandatory Access Control → End user cannot set controls, DAC → Subject has total control over objects, RBAC → job function duties, Rule based → custodian criteria. I don’t think Rule-based fits job function (common trap here).
Nah, RBAC actually matches to 'Dynamically assigns roles to subjects based on criteria' and Rule based goes with 'permissions by job function'.
MAC → End user cannot set controls, DAC → Subject has total control over objects, RBAC → duty by job function, Rule based → custodian criteria. I mixed up the dynamic assignment wording at first, but pretty sure this fits standard CISSP definitions. If anyone thinks RBAC and Rule based should swap, chime in.
Honestly, Rule based to job function and RBAC to custodian criteria always messes with me on these. So I mapped: MAC → End user cannot set controls, DAC → Subject has total control over objects, RBAC → custodian criteria, Rule based → job function. Seems close enough from some exam reports.
Be respectful. No spam.
