Exam SY0-501 topic 1 question 625 discussion

The below explanation confirms why the answer is C. "An example of ABAC would be allowing only users who are type=employees and have department=HR to access the HR/Payroll system and only during business hours within the same timezone as the company." https://blog.identityautomation.com/rbac-vs-abac-access-control-models-iam-explained

C. Attribute-Based Access Control (ABAC) Role-based access control (RBAC) are two ways of controlling the authentication process and authorizing users. RBAC controls broad access across an organization, while ABAC takes a fine-grain approach.

Attribute-based access control (ABAC) is the most fine-grained type of access control model. As the name suggests, an ABAC system is capable of making access decisions based on a combination of subject attributes (in this case, files in the share can only be accessed by MEMBERS OF THE SAME DEPARTMENT AS THE DATA OWNER) and object attributes (in this case, users should only be able to create FILES WITH APPROVED EXTENSIONS, which may differ by department) plus any context-sensitive or system-wide attributes (in this case, it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m). An attribute-based system could monitor the number of events or alerts associated with a user account or with a resource, or track access requests to ensure they are consistent in terms of timing of requests or geographic location C correct

So it's only role based access control if it's spelled out? How would you differentiate on a test

Sory i change my mind after reading this Attribute-based access control draws on a set of characteristics called “attributes.” This includes user attributes, environmental attributes, and resource attributes. User attributes include things like the user’s name, role, organization, ID, and security clearance. Environmental attributes include the time of access, location of the data, and current organizational threat levels. Resource attributes include things like creation date, resource owner, file name, and data sensitivity. so the answer is Attribute base (ATBAC) Soory

Rule-based access control The last of the four main types of access control for businesses is rule-based access control. This system assigns or denies access to users based on a set of dynamic rules and limitations defined by the owner or system administrator. Such rules may limit access based on a number of unique situations, such as the individual's location, the time of day, or the device being used. The ability to customize rules and permissions makes RBAC an ideal form of access control for businesses that require a dynamic security solution.

It.is rule based access control in short management is saying is no acess is given after 5pm meaning that is a rule no one can complain about and if it is a library system same thing no access is given after working hours so the answer is A rbac

Attribute-based access control (ABAC) is the most fine-grained type of access control model. As the name suggests, an ABAC system is capable of making access decisions based on a combination of subject and object attributes plus any context-sensitive or system-wide attributes.

ABAC because RULE BASED ACCESS CONTROL wasn’t spelled out.