CompTIA Cloud+ Practice Test

For high-security environments, what type of access control is appropriate for sensitive data access?

• A. Mandatory access control
• B. Nondiscretionary
• C. Roles
• D. Multifactor

The correct answer is: Mandatory access control

Mandatory access control (MAC) is a highly secure access control model that is particularly suitable for environments requiring stringent security measures. In MAC, access to sensitive data is governed by centralized policies established by a security administrator or system owner, rather than by individual users. This means that user permissions are determined based on the classification of the information and the user's security clearance level. For environments that handle highly sensitive information, MAC helps ensure that access rights are strictly enforced and cannot be modified by users themselves, reducing the risk of unauthorized access. Users can only access data for which they have sufficient clearance as established by the policies, which minimizes the potential for data breaches or unauthorized disclosures. Given the nature of high-security environments, where the integrity and confidentiality of data are paramount, mandatory access control is ideal because it provides a robust framework for enforcing access restrictions based on set regulations, rather than relying on individual users or roles that could potentially introduce vulnerabilities. Other options, while they may contribute to access control mechanisms, do not provide the same level of stringent control inherent in mandatory access systems. Hence, MAC stands out as the most suitable choice for sensitive data access in such high-security scenarios.