Which access control model allows the resource owner to specify which users can access each resource?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

Which access control model allows the resource owner to specify which users can access each resource?

Explanation:
Discretionary access control is about giving the resource owner the power to decide who can access a resource and what they can do with it. In this model, the owner sets permissions on a per-resource basis—typically using an access control list or similar mechanism—so they can grant or revoke access for specific users or groups. This hands-on control lets the owner tailor access very precisely to each resource, such as allowing one colleague to read a file while another is allowed to edit it. Contrast this with other models: mandatory access control enforces a central policy based on classifications and clearances, so owners don’t personally grant access. Role-based access control assigns permissions by user roles rather than by individual owner decisions. Attribute-based access control makes access decisions from user, resource, and environment attributes according to policies, not owner permissions. The scenario described aligns with discretionary access control because it centers on the resource owner deciding who can access that particular resource.

Discretionary access control is about giving the resource owner the power to decide who can access a resource and what they can do with it. In this model, the owner sets permissions on a per-resource basis—typically using an access control list or similar mechanism—so they can grant or revoke access for specific users or groups. This hands-on control lets the owner tailor access very precisely to each resource, such as allowing one colleague to read a file while another is allowed to edit it.

Contrast this with other models: mandatory access control enforces a central policy based on classifications and clearances, so owners don’t personally grant access. Role-based access control assigns permissions by user roles rather than by individual owner decisions. Attribute-based access control makes access decisions from user, resource, and environment attributes according to policies, not owner permissions. The scenario described aligns with discretionary access control because it centers on the resource owner deciding who can access that particular resource.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy