Confusing Facts from Study Guides Sources

Hello, I am a new guy here. So, be nice. I just took my Security+ exam yesterday, and unfortunately, I failed with score of 720. Needed 750 to pass. Plan to take it again within the next 7 days, and I am very confident that I will pass the next one.

I use CompTIA Security+ Deluxe Study Guide by Emmett Dulaney for my Security+ study. I started it in June and read from cover to cover, and I must say it was not easy reading a chapter in one sitting. Especially, when I have only minimal experiences with 20% of what was on the objectives. Took me about a month and half to finish it. I also bought another study guide from Que. Yes, the ExamCram 2nd edition. It greatly reinforced my understanding what I read in the Sybex book and summarize pretty much what I learned. I highlighted critical facts only in this book, and I also practiced the review questions at the end of each chapters in both books.

Before taking the exam, I didn't have enough time to practice all bonus exams at the end of both books. Although, I did practice two bonus exams on the Sybex cds. Today, I decided to review all practice exams that I haven't touch, and I came across this question in the second practice test in the Que book.

Question # 10
Which one of the following access control mechanisms prevents disclosure of information by assigning security levels to objects and subjects?
A. LDAP
B. MAC
C. DAC
D. RBAC

I hope you guys agree that it's B. I believe that's the correct answer, but the actual answer is C. So, I looked in both books to see what is right and wrong, but they failed to explain to me why my answer is incorrect. Can someone please elaborate on this if you have both of the study guides I use?

Thanks,

Find more posts tagged with

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

sidsanders

i wouldnt worry too much about this. these books have errors in them at times. do you feel ok with dac/mac/rbac or has this left you wondering a bit?

hiddenknight821

sidsanders wrote: »

i wouldnt worry too much about this. these books have errors in them at times. do you feel ok with dac/mac/rbac or has this left you wondering a bit?

Well, I would like to know if DAC is the correct answer or not, but you can elaborate on all three of them so I know I have the right concept. If DAC was actually wrong, I would have lose points on the exam when I take it again next week.

sidsanders

the key for me was: dac -- owner sets the access controls. mac -- centralization of setting access controls.

check:
Discretionary access control - Wikipedia, the free encyclopedia
Mandatory access control - Wikipedia, the free encyclopedia
Role-based access control - Wikipedia, the free encyclopedia

from my view, dac doesnt assign levels to subjects, while mac does.

"DAC provides a means of restricting access to objects based on the identity of the users or groups (subjects) that try to access those objects. Depending on a subject's access permissions, they may also be able to pass permissions to other subjects."

"Mandatory Access Control (MAC) is a security mechanism that restricts the level of control that users (subjects) have over the objects that they create. Unlike in a DAC implementation, where users have full control over their own files, directories, etc., MAC adds additional labels, or categories, to all file system objects. Users and processes must have the appropriate access to these categories before they can interact with these objects."

"Role-based Access Control (RBAC) is an alternative method of controlling user access to file system objects. Instead of access being controlled by user permissions, the system administrator establishes Roles based on business functional requirements or similar criteria. These Roles have different types and levels of access to objects."

dynamik

As mentioned earlier, don't put too much weight on a practice exam question. I think that the question is worded so vaguely that it could be either. MAC would have been my first choice as well, but what's important is that you understand the differences between them. You will (hopefully) not encounter such a poorly phrased question on the actual exam.

inc0mplete

I actually just finished reading the Access Control chapters in the Exam2cram book and watched the CBTnuggets video. I would agree that was a tricky question but I believe that the key term that was overlooked was the word "object".

Being fresh in my memory, the keywords to MAC are associated with "Label", "resource" and "system".

I think if they used the word "Label" in conjunction with the word Object, then the correct answer would be MAC