Access Control Models — CISSP Practice Questions
Access control models are formal frameworks that define the rules and policies governing how subjects interact with objects within an information system. The CISSP exam expects candidates to understand the major models, including Discretionary Access Control, Mandatory Access Control, Role-Based Access Control, and Rule-Based Access Control, along with their theoretical foundations. Each model has distinct properties regarding who controls permissions, how labels or roles are assigned, and what security properties are enforced. Scenario questions frequently require candidates to match a model to a given organizational requirement, such as military classification systems or commercial multi-tenant environments.
Free questions on access control models
Which type of access control makes authorization decisions based on attributes of the subject, resource, and environment?
Free question · medium · full answer + explanation
Which access control model provides role-based permissions?
Free question · easy · full answer + explanation
More access control models questions in the full bank
- An organization's access control system enforces the Bell-LaPadula model. A user with secret clearance attempts to read a top-secret document. Which security principle prevents this access?
- Which security model is BEST suited for organizations with strict information sensitivity hierarchies?
- Which access control model is based on user identity and specific access rules?