Which access control model uses attributes to make authorization decisions?

Prepare for the CDX 182A Exam with comprehensive flashcards and multiple choice questions, each complete with hints and thorough explanations. Ace your test with our well-structured study materials!

Multiple Choice

Which access control model uses attributes to make authorization decisions?

Explanation:
Attribute-based access control uses attributes to decide access. In ABAC, decisions are made by evaluating multiple attributes of the user, the resource, and the current context against a defined policy. This allows flexible, fine-grained rules that adapt to real-time circumstances. For example, you can permit reading a confidential document only if the requester works in the finance department, has the necessary clearance, and the request happens during business hours; if any attribute doesn’t match, access is denied.

Other models base decisions on a different organizing idea. One relies on roles: access is granted because the user has a particular role, not because a set of attributes is being evaluated. Another follows discretionary control, where the owner decides who can access a resource, without a formal attribute-based rule. The remaining model uses fixed security classifications and mandatory labels enforced by a central authority, rather than evaluating user and resource attributes.
