Systems Security Certified Practitioner – SSCP – Question0151

Which of the following access control models introduces user security clearance and data classification?

A.
Role-based access control
B. Discretionary access control
C. Non-discretionary access control
D. Mandatory access control

Correct Answer: D

Explanation:

The mandatory access control model is based on a security label system. Users are given a security clearance and data is classified. The classification is stored in the security labels of the resources. Classification labels specify the level of trust a user must have to access a certain file.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (Page 154).