RBAC Conflicts

Lunchbocks · February 2008

I am currently using a Thompson book (from school) and the Exam Cram 2 book to help me study for the Security+ Cert. I have run into an issue where the 2 book contradict themselves. When using RBAC as an access control model, one of the books states that a user can only be assigned a single role, and the other book states that a user may be assigned multiple roles. This isn't a misunderstanding, but a clear contradiction. My question, which is correct? Can a user be assigned multiple roles in an RBAC environment, or are they limited to a single role?

Thanks,

LB

undomiel · February 2008

The one stating multiple roles is correct. For example, a person could be part of accounting and part of HR using the same identity that way they could access both roles.

dynamik · February 2008

Be sure to check the technotes on this site as well: http://techexams.net/co_securityplus.shtml

Here is the Access Control section: http://techexams.net/technotes/securityplus/mac_dac_rbac.shtml

sprkymrk · February 2008

Unfortunately, the standards for RBAC are not always adhered to by all vendors and/or implementations, so either could be correct depending on the context. In most cases you'll find that multiple roles can be assigned, and that's the answer I would take with me to the exam.

Here is all (and more) you ever wanted to know about RBAC from the NIST (National Institute of Standards and Technology) site:

http://csrc.nist.gov/groups/SNS/rbac/

Lunchbocks · February 2008

Great, thanks. I know that there is the test way, and the exam way of doing things, and I am definitely looking for the exam way right now. But I always want to know the real-world way of doing it as well.

I do have another question. What practice tests are people using that they believe most accurately represent the real exam? I am using this site, free-exams.com, and preplogic for now. I am getting consistent grades in the low to mid 80's. But last night I took a Transcender exam, and got 60%. It was loaded with questions relating to things I have never heard of, from college classes, Thompson books, Exam Cram books, or Sybex. I know Transcender used to be the one to use for Microsoft exams, but I don't know about Security+.

Thanks a lot for the help, and I look forward to hear what others think about practice tests.

LB

dynamik · February 2008

I used Transcender for this. You should also check out the Syngress book. You can get an ebook directly from them for $24: http://www.syngress.com/catalog/?pid=4350

Lunchbocks · February 2008

I will check it out, thanks. Did you find that the Transcender exams followed closely to the real exam?

dynamik · February 2008

I use Transcender for all my exams. They force me to think critically about the material, which helps me retain the information.

RBAC Conflicts

Comments