CompTIA Security+ Question I-51

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?

A. Mandatory access
B. Rule-based access control
C. Least privilege
D. Job rotation

Answer: C

Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.

CompTIA Security+ Question E-84

An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users’ home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO).

A. Enforcing SELinux in the OS kernel is role-based access control
B. Enforcing SELinux in the OS kernel is rule-based access control
C. The policy added by the root user is mandatory access control
D. Enforcing SELinux in the OS kernel is mandatory access control
E. The policy added by the root user is role-based access control
F. The policy added by the root user is rule-based access control

Answer: D,F

Explanation:
Enforcing SELinux in the OS kernel is mandatory access control. SELinux is Security Enhanced Linux which is a locked down version of the OS kernel.

Mandatory Access Control (MAC) is a relatively inflexible method for how information access is permitted. In a MAC environment, all access capabilities are predefined. Users can’t share information unless their rights to share it are established by administrators. Consequently, administrators must make any changes that need to be made to such rights. This process enforces a rigid model of security. However, it is also considered the most secure security model.

The policy added by the root user is rule-based access control. The administrator has defined a policy that states that users folders should be served by the web server. Rule-Based Access Control (RBAC) uses the settings in preconfigured security policies to make all decisions.

CompTIA Security+ Question C-11

Peter Has read and write access to his own home directory. Peter and Ann are collaborating on a project, and Peter would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

A. Role-based access control
B. Rule-based access control
C. Mandatory access control
D. Discretionary access control

Answer: D

Explanation:
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.

CompTIA Security+ Question A-81

A security technician is working with the network firewall team to implement access controls at the company’s demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?

A. Rule based access control
B. Role based access control
C. Discretionary access control
D. Mandatory access control

Answer: A

Explanation:
Rule-based access control is used for network devices, such as firewalls and routers, which filter traffic based on filtering rules.