In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option Is an example of RBAC?
Correct Answer: A
Role Based Access Control (RBAC) is a model of access control that assigns permissions to roles, rather than individual users. Roles are defined based on the functions or responsibilities of the users in an organization.
Users are then assigned to one or more roles, and inherit the permissions of those roles. RBAC simplifies the administration and management of access control, as it reduces the complexity and redundancy of assigning permissions to each user. RBAC also supports the principle of least privilege, as users only have the permissions they need to perform their tasks. An example of RBAC is allowing users access to files based on their group membership, such as managers, engineers, or accountants. Each group has a predefined set of permissions to access the files relevant to their role, and users who belong to that group can access those files accordingly. References: Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 5: Identity and Access Management (IAM), page 221. [CISSP All-in-One Exam Guide, Eighth Edition], Chapter 10: Identity and Access Management, page 602.