CompTIA Security+ Exam Prep

Answer: C - Rule-based access uses specific rules that indicative what can and cannot happen between a subject and an object. It is based on the concept of “if X then Y” programming rules, which can be used to provide finer-grained access control to resources. Before a subject can access an object in a certain circumstance, it must meet a set of predefined rules. There are three different access control models. DAC: Data owners decide who has access to resources, and ACLs are used to enforce the security policy. MAC: Operating systems enforce the system’s security policy through the use of security labels. RBAC: Access decisions are based on each subject’s role and/or functional position.