Which access control model labels both subjects and objects with classification levels and enforces non-discretionary rules?
A CISSP practice question covering Domain 5: Identity and Access Management (IAM). Try answering before reading the explanation below.
Show options & answer
Why "MAC" is the right answer
MAC (Mandatory Access Control) enforces fixed labels (Top Secret, Secret, etc.) — used in military and government systems. DAC lets owners grant access at their discretion. RBAC uses roles. ABAC uses arbitrary attributes.
Study videos for this topic
Want to go deeper on Domain 5? Watch the full breakdown — every video is free, no account, no upsell.
CISSP Domain 5: Authentication, MFA & Passkeys
Domain 5 — Identity and Access Management (IAM)
CISSP Domain 5: SSO, SAML, OAuth, OIDC & Kerberos
Domain 5 — Identity and Access Management (IAM)
CISSP Domain 5: DAC, MAC, RBAC, ABAC Explained
Domain 5 — Identity and Access Management (IAM)
CISSP Domain 5: Identity Lifecycle & PAM Explained
Domain 5 — Identity and Access Management (IAM)
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.