CompTIA CASP+ Practice Test

In systems where user access is a concern, which model would be MOST effective for ensuring limited access?

• A. Discretionary Access Control (DAC)
• B. Role-Based Access Control (RBAC)
• C. Mandatory Access Control (MAC)
• D. Least Privilege Access Control

The correct answer is: Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is highly effective in systems where user access is a concern, primarily because it operates on a policy-driven framework that restricts access based on organizational security policies and predefined levels of trust. In a MAC environment, access to resources is controlled by a central authority based on information classification and the user's security clearance, rather than allowing users the discretion to determine access. This model ensures that users cannot change access permissions, which significantly reduces the risk of unauthorized access to sensitive information. It is particularly beneficial in high-security environments where strict compliance and security protocols are essential, such as government or military applications. The other access control models, while effective in various contexts, offer different levels of control and flexibility. For example, Discretionary Access Control (DAC) gives users the ability to make decisions about who can access what, which may lead to potential security risks if users inadvertently grant access to unauthorized entities. Role-Based Access Control (RBAC) organizes permissions based on roles, which simplifies management but may not be as rigorous as MAC in enforcing access restrictions based on sensitivity. Least Privilege Access Control is a principle rather than a model, promoting the idea that users should only have access necessary for their tasks, but it may not enforce the strict