Exam SY0-601 topic 1 question 377 discussion

A. Mandatory Access Control (MAC) In a MAC system, an operating system provides individual users with access based on data confidentiality and levels of user clearance. MAC is the strictest of all models. Access is granted on a strict, need-to-know  basis. Users must prove they need the requested information or access before gaining permission.

A = Mac

An improvement to MAC includes the use of need-to-know: a security restriction in which some objects (resources or data) are restricted unless the subject has a need to know them (i.e., granular control). "Official Review Guide"

The mandatory access control (MAC) scheme uses labels (sometimes referred to as sensitivity labels or security labels) to determine access. Security administrators assign labels to both subjects (users) and objects (files or folders). When the labels match, the system can grant a subject access to an object. When the labels don’t match, the access scheme blocks access. Military units make wide use of this scheme to protect data. You might have seen movies where they show a folder with a big red and black cover page labeled “Top Secret.” The cover page identifies the sensitivity label for the data contained within the folder. Users with a Top Secret label (a Top Secret clearance) and a need to know can access the Top Secret folder’s data.

Mandatory access control is a security model that enforces access decisions based on predetermined rules and policies. It is commonly used in government organizations and highly sensitive environments. In MAC, access to resources is strictly controlled based on labels or levels of classification. Users are assigned security clearances and can only access information that matches or is below their assigned clearance level. This ensures that only authorized individuals with a "need-to-know" can access top-secret data.

The access control schema that the administrator should consider is mandatory. Mandatory access control (MAC) is a type of access control that uses security labels to determine access to resources. MAC is often used in government organizations to secure top secret data and grant access on a need-to-know basis.

trust.

A. Mandatory

I think A. Top Secret would seem to me to require mandatory as a starting point. But...I did first think Role based.