RBAC Conflicts
Lunchbocks
Member Posts: 319
in Security+
I am currently using a Thompson book (from school) and the Exam Cram 2 book to help me study for the Security+ Cert. I have run into an issue where the 2 books contradict themselves. When using RBAC as an access control model, one of the books states that a user can only be assigned a single role, and the other book states that a user may be assigned multiple roles. This isn't a misunderstanding, but a clear contradiction. My question, which is correct? Can a user be assigned multiple roles in an RBAC environment, or are they limited to a single role?
Thanks,
LB
Degree: Liberty University - B.S Computer Science (In Progress)
Current Certs: CCENT | MCTS | Network+
Currently Working On: Security+
2020 Goals: CCNA, CCNP Security, Linux+
Comments
-
undomiel Member Posts: 2,818
The one stating multiple roles is correct. For example, a person could be part of accounting and part of HR using the same identity; that way they could access both roles.
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
dynamik Banned Posts: 12,312
Be sure to check the technotes on this site as well: http://techexams.net/co_securityplus.shtml
Here is the Access Control section: http://techexams.net/technotes/securityplus/mac_dac_rbac.shtml
-
sprkymrk Member Posts: 4,884
Unfortunately, the standards for RBAC are not always adhered to by all vendors and/or implementations, so either could be correct depending on the context. In most cases you'll find that multiple roles can be assigned, and that's the answer I would take with me to the exam.
Here is all (and more) you ever wanted to know about RBAC from the NIST (National Institute of Standards and Technology) site:
http://csrc.nist.gov/groups/SNS/rbac/
All things are possible, only believe.
-
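The two readings discussed in this thread, as an added example that is not from either book or from any poster: a small Python model in which a user can hold several roles and effective permissions are the union of them, with an optional per-user role limit standing in for an implementation that allows only one. The class, role, user and permission names are constructed for illustration.

```python
"""Constructed example: user-to-role assignment in an RBAC model."""


class RoleLimitError(Exception):
    """Raised when an assignment would exceed the per-user role limit."""


class RBAC:
    def __init__(self, max_roles_per_user=None):
        # None: no limit, users and roles are many-to-many.
        # 1:    an implementation that restricts each user to a single role.
        self.max_roles_per_user = max_roles_per_user
        self.role_perms = {}  # role -> set of (operation, object) pairs
        self.user_roles = {}  # user -> set of assigned roles

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        roles = self.user_roles.setdefault(user, set())
        if role in roles:
            return  # already assigned, nothing to do
        limit = self.max_roles_per_user
        if limit is not None and len(roles) >= limit:
            raise RoleLimitError(f"{user} already holds {len(roles)} role(s)")
        roles.add(role)

    def permissions(self, user):
        # Effective permissions are the union over every assigned role.
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_perms[role]
        return perms

    def check(self, user, operation, obj):
        # Access is granted only through a role, never directly to the user.
        return (operation, obj) in self.permissions(user)


def build(max_roles_per_user=None):
    """Constructed sample policy using the accounting/HR case from the thread."""
    rbac = RBAC(max_roles_per_user)
    rbac.add_role("accounting", [("read", "ledger"), ("write", "ledger")])
    rbac.add_role("hr", [("read", "personnel_file")])
    return rbac
```

With `build()` a user assigned both roles passes checks for ledger and personnel-file access under one identity; with `build(1)` the second `assign` raises `RoleLimitError`.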
Lunchbocks Member Posts: 319
Great, thanks. I know that there is the test way, and the exam way of doing things, and I am definitely looking for the exam way right now. But I always want to know the real-world way of doing it as well.
I do have another question. What practice tests are people using that they believe most accurately represent the real exam? I am using this site, free-exams.com, and preplogic for now. I am getting consistent grades in the low to mid 80's. But last night I took a Transcender exam, and got 60%. It was loaded with questions relating to things I have never heard of, from college classes, Thompson books, Exam Cram books, or Sybex. I know Transcender used to be the one to use for Microsoft exams, but I don't know about Security+.
Thanks a lot for the help, and I look forward to hearing what others think about practice tests.
LB
Degree: Liberty University - B.S Computer Science (In Progress)
Current Certs: CCENT | MCTS | Network+
Currently Working On: Security+
2020 Goals: CCNA, CCNP Security, Linux+
-
dynamik Banned Posts: 12,312
I used Transcender for this. You should also check out the Syngress book. You can get an ebook directly from them for $24: http://www.syngress.com/catalog/?pid=4350
-
Lunchbocks Member Posts: 319
I will check it out, thanks. Did you find that the Transcender exams followed closely to the real exam?
Degree: Liberty University - B.S Computer Science (In Progress)
Current Certs: CCENT | MCTS | Network+
Currently Working On: Security+
2020 Goals: CCNA, CCNP Security, Linux+
-
dynamik Banned Posts: 12,312
I use Transcender for all my exams. They force me to think critically about the material, which helps me retain the information.