CISSP Exam QuestionsBrowse all questions from this exam
Go to Exam

CISSP Exam - Question 71

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

Show Answer
Correct Answer: B

The access control method that is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context is called Attribute Based Access Control (ABAC). In ABAC, access decisions are made based on various attributes or characteristics associated with users, resources, and the environment. These attributes can include user roles, job titles, time of day, location, device type, and any other relevant contextual information. Policies are defined using these attributes, and access requests are evaluated against these policies to determine whether access should be granted or denied. ABAC offers a more flexible and fine-grained access control approach compared to other methods, allowing for granular control over resource access.

Discussion

9 comments
Sign in to comment
stickerbush1970Option: B
Sep 9, 2023

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-162.pdf

jackdryan
May 11, 2024

B is correct

JamatiOption: B
Nov 8, 2023

From Official study guide 9th edition page 682 Attribute-Based Access Control A key characteristic of the Attribute-Based Access Control (ABAC) model is its use of rules that can include multiple attributes. This allows it to be much more flexible than a rule-based access control model that applies the rules to all subjects equally. Many software-defined networks (SDNs) use the ABAC model. Additionally, ABAC allows administrators to create rules within a policy using plain language statements such as “Allow Managers to access the WAN using a mobile device.”

BoatsOption: A
Oct 10, 2023

Mandatory Access Control 1. Access control policy 2. Classification or sensitivity labels for objects 3. Clearance or privilege labels for subjects

franbarpro
Oct 13, 2023

MAC is based on lebels - Military fav

somkiatrOption: B
Dec 26, 2023

Attribute-based access control (ABAC), also known as policy-based access control for IAM, defines an access control paradigm whereby a subject's authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment attributes.

rajkamal0Option: B
Dec 27, 2023

ABAC is the correct answer https://techgenix.com/5-access-control-types-comparison/

Bach1968Option: B
Jul 5, 2024

The access control method that is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context is called Attribute Based Access Control (ABAC). In ABAC, access decisions are made based on various attributes or characteristics associated with users, resources, and the environment. These attributes can include user roles, job titles, time of day, location, device type, and any other relevant contextual information. Policies are defined using these attributes, and access requests are evaluated against these policies to determine whether access should be granted or denied. ABAC offers a more flexible and fine-grained access control approach compared to other methods such as Role Based Access Control (RBAC) or Discretionary Access Control (DAC). It allows organizations to define access control policies based on dynamic and contextual factors, providing granular control over resource access and helping to enforce security requirements based on specific conditions.

franbarpro
Oct 13, 2023

The question is talking about Zero Trust lol. "B" attribute.

rdy4u
Oct 27, 2023

Attribute-based access control (ABAC) is an authorization model that evaluates attributes (or characteristics), rather than roles, to determine access. The purpose of ABAC is to protect objects such as data, network devices, and IT resources from unauthorized users and actions—those that don’t have “approved” characteristics as defined by an organization’s security policies. https://www.okta.com/blog/2020/09/attribute-based-access-control-abac/

ServerBrainOption: D
Mar 14, 2025

A discretionary access control (DAC) system would show how the owner of the objects allows access, allows owners to determine who can access objects they control.