Certified Information Systems Security Professional – CISSP – Question350

A system administration office desires to implement the following rules:

  • An administrator that is designated as a skill level 3, with 5 years of experience, is allowed to perform system backups, upgrades, and local administration.
  • An administrator that is designated as a skill level 5, with 10 years of experience, is permitted to perform all actions related to system administration.

Which of the following access control methods MUST be implemented to achieve this goal?

A.
Discretionary Access Control (DAC)
B. Role Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute Based Access Control (ABAC)

Correct Answer: B