CompTIA Security+ Question B-45

Ann is a member of the Sales group. She needs to collaborate with Peter, a member of the IT group, to edit a file. Currently, the file has the following permissions:
Ann:read/write
Sales Group:read
IT Group:no access If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Peter?

A. Add Peter to the Sales group.
B. Have the system administrator give Peter full access to the file.
C. Give Peter the appropriate access to the file directly.
D. Remove Peter from the IT group and add him to the Sales group.

Answer: C

Explanation:
Peter needs access to only one file. He also needs to ‘edit’ that file. Editing a file requires Read and Write access to the file. The best way to provide Peter with the minimum required permissions to edit the file would be to give Peter the appropriate access to the file directly.

CompTIA Security+ Question B-38

Which of the following access controls enforces permissions based on data labeling at specific levels?

A. Mandatory access control
B. Separation of duties access control
C. Discretionary access control
D. Role based access control

Answer: A

Explanation:
In a MAC environment everything is assigned a classification marker. Subjects are assigned a clearance level and objects are assigned a sensitivity label.

CompTIA Security+ Question A-81

A security technician is working with the network firewall team to implement access controls at the company’s demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?

A. Rule based access control
B. Role based access control
C. Discretionary access control
D. Mandatory access control

Answer: A

Explanation:
Rule-based access control is used for network devices, such as firewalls and routers, which filter traffic based on filtering rules.

CompTIA Security+ Question A-74

The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

A. Rule based access control
B. Mandatory access control
C. User assigned privilege
D. Discretionary access control

Answer: D

Explanation:
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.