Options

Discretionary access conrol

teancum144teancum144 Member Posts: 229 ■■■□□□□□□□
in Security+
I came across a question worded similarly to the following:

The groups and permissions of a SharePoint site have been set up by the security department. No one may change the permissions and all requests for access are centrally managed by by the security department. This can best be described as:
a) DAC
b) MAC
c) Rule based access control
d) User assigned privileges

The answer is 'a' (through process of elimination, I picked 'd'). This does not fit my understanding of DAC. Thoughts?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D
· Share on FacebookShare on Twitter

Comments

  • Options
    TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Essentially DAC is: somebody creates an object and only they can give access.
    Security Certification Roadmap
    · Share on FacebookShare on Twitter
  • Options
    samurai86samurai86 Member Posts: 104 ■■□□□□□□□□
    I do understand this as DAC as well. I think they are trying to trip you up slightly by throwing the "security" department in there. But in the question they infer that the security department is the owner of the SharePoint system. Since they (the owner aka the Security department) delegate permissions, this would be a DAC environment.



    At least this is how I see it.

    Edit: Also in a MAC environment confidentiality is key. A question with MAC as the answer would likely mention confidentiality, military, labels, classification, along with being centrally managed.
    Bachelor's of Applied Science in Technology Management - Information Security Assurance (St. Petersburg College)
    Masters of Science in Digital Forensics (University of Central Florida)
    · Share on FacebookShare on Twitter
  • Options
    TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    samurai86 wrote: »
    Edit: Also in a MAC environment confidentiality is key. A question with MAC as the answer would likely mention confidentiality, military, labels, classification, along with being centrally managed.

    That is what I have seen anytime talking about MAC...classification or government. MAC also requires the most effort because you can inherit access with DAC.
    Security Certification Roadmap
    · Share on FacebookShare on Twitter
  • Options
    samurai86samurai86 Member Posts: 104 ■■□□□□□□□□
    Tis true
    Bachelor's of Applied Science in Technology Management - Information Security Assurance (St. Petersburg College)
    Masters of Science in Digital Forensics (University of Central Florida)
    · Share on FacebookShare on Twitter
  • Options
    5502george5502george Member Posts: 264
    MAC questions will normally be associated with labeling or classification from what I have seen.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.