Which access control model is based on a set of user attributes to determine access decisions?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the ATI Nursing Informatics and Technology Test. Review key concepts with multiple-choice questions, all accompanied by helpful hints and clear explanations. Prepare to excel in your exam!

Multiple Choice

Which access control model is based on a set of user attributes to determine access decisions?

Explanation:
Attribute-based access control determines access by evaluating a set of attributes about the user and other factors, using policies that specify how those attributes combine to grant or deny permission. In ABAC, you might check multiple attributes at once—such as the user’s job title, department, clearance level, and even environmental factors like time of day or location—to decide whether access is allowed. This lets decisions be dynamic and fine-grained; for example, a clinician may access a patient record only if they are in the appropriate role and department and the request occurs during an approved shift. Discretionary access control relies on permissions set by the resource owner, not on a broad attribute-based rule. Role-based access control grants access based on predefined roles rather than a flexible attribute set. Mandatory access control uses fixed security labels and policy rules that enforce access regardless of user discretion. ABAC’s emphasis on combining multiple attributes for decision-making is what differentiates it.

Attribute-based access control determines access by evaluating a set of attributes about the user and other factors, using policies that specify how those attributes combine to grant or deny permission. In ABAC, you might check multiple attributes at once—such as the user’s job title, department, clearance level, and even environmental factors like time of day or location—to decide whether access is allowed. This lets decisions be dynamic and fine-grained; for example, a clinician may access a patient record only if they are in the appropriate role and department and the request occurs during an approved shift.

Discretionary access control relies on permissions set by the resource owner, not on a broad attribute-based rule. Role-based access control grants access based on predefined roles rather than a flexible attribute set. Mandatory access control uses fixed security labels and policy rules that enforce access regardless of user discretion. ABAC’s emphasis on combining multiple attributes for decision-making is what differentiates it.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy