CompTIA Cloud+ Practice Test

Which of the following access control types would give a system administrator the ability to assign access according to least privilege?

• A. Role based
• B. Rule based
• C. Discretionary
• D. Mandatory

The correct answer is: Discretionary

The concept of least privilege refers to the principle of granting users, accounts, and computing processes the minimum level of access necessary to perform their functions. In this context, discretionary access control (DAC) is the correct choice because it allows the owner of the resource, in this case, the system administrator, the freedom to control access to their resources as they see fit. With DAC, administrators can assign access rights to users on a case-by-case basis. This flexibility is essential for implementing least privilege since the administrator can evaluate each user's needs and grant them access only to the data and resources that are absolutely necessary for their role. This method inherently supports fine-grained control over resource sharing and the ability to limit permissions effectively. Role-based access control (RBAC), while also useful in managing permissions, is based on predefined roles that define a set of permissions. It may not allow the same level of specificity in granting access as discretionary controls, especially in complex environments where individual user needs may vary significantly. Rule-based access control functions based on a set of system-enforced rules rather than individual discretion, limiting the ability to tailor access in line with the least privilege principle. Similarly, mandatory access control (MAC) imposes strict policies managed by the system, making