Mac/dac/rbac

ketanwipketanwip Member Posts: 11 ■□□□□□□□□□
Hi all,

I am preparing for security+ and referring Darril Gibson's book (nicely written). There was this question and I am not able to digest the answer. Could someone pls help

Q. The system administrator establishes access permissions to network resources in the ________ access control model.

If MAC, what are the security levels assigned to object and subjects. Why not DAC and RBAC.

Many thanks in advance

Comments

  • MattSCMattSC Member Posts: 25 ■□□□□□□□□□
    ketanwip wrote: »
    Hi all,

    I am preparing for security+ and referring Darril Gibson's book (nicely written). There was this question and I am not able to digest the answer. Could someone pls help

    Q. The system administrator establishes access permissions to network resources in the ________ access control model.

    If MAC, what are the security levels assigned to object and subjects. Why not DAC and RBAC.

    Many thanks in advance

    I would answer with MAC with possible levels being secret, top secret and confidential. With DAC, the owner of each resource controls the permissions. With RBAC, your role/duty in the organization determines the access you receive.

    I don't have my book at hand, so I can't re-read Darril's take on the situation now, but during my prep for the exam, I associated MAC with an administrator.
  • ketanwipketanwip Member Posts: 11 ■□□□□□□□□□
    Thanks Matt. Considering some organization which having provisioning system, Payroll system, HR system etc. Each system or resource has its owner or admin who approve access to their system or resource. Is this access control model MAC? or DAC?
  • Dr ITDr IT Member Posts: 351 ■■■■□□□□□□
    I would go for MAC as MAC can be classfied using a labels and set by admin.

    RBAC is not in - as it uses role or rules defined .

    DAC is done by the object/file owner , so this leaves us with MAC as the only option.

    Hope that helps
    Venturing in to the Unknown

    Target 2018 : SSCP VCP- DTM

    The Difference between the Ordinary and the Extra-Ordinary is that Little " Extra ".
  • ketanwipketanwip Member Posts: 11 ■□□□□□□□□□
    Thanks Dr. IT. I think, I got it.
  • fssfss Registered Users Posts: 9 ■□□□□□□□□□
    MattSC wrote: »
    I would answer with MAC with possible levels being secret, top secret and confidential.

    I agree with the answer being MAC, but the USG classification system is more akin to RBAC than MAC. MAC access levels would be more along the lines of "read", "write", and "execute."
Sign In or Register to comment.