A company uses 'Role-Based Access Control' (RBAC). How are permissions assigned?

Answer options:

Permissions are assigned directly to each user individually.

Permissions are assigned to roles (e.g., 'Manager'), and users are assigned to roles.

Permissions are based on the user's security clearance level (Top Secret).

Permissions are based on time of day.

How to approach this question

User -> Role -> Permission.

Full Answer

B.Permissions are assigned to roles (e.g., 'Manager'), and users are assigned to roles.✓ Correct

In RBAC, access rights are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. This simplifies administration compared to assigning rights to every user individually.

Common mistakes

Confusing RBAC with MAC (Clearance levels).

Question 77 All questions Question 79

Practice the full CPA ISC Practice Exam 3

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...Medium Q02During a review of a client's cloud governance structure, an auditor notes that the client uses a...Medium Q03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...Hard Q04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...Hard Q05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium

View all 82 questions →