6. Access Control (RBAC, ABAC)

Question 1

What is Role-Based Access Control (RBAC)?

Answer 1

An access control model that assigns permissions to users based on their roles.

Question 2

How does RBAC differ from DAC?

Answer 2

RBAC assigns permissions to roles, not directly to users.

Question 3

What is a role in RBAC?

Answer 3

A collection of permissions representing a job function.

Question 4

How do users get permissions in RBAC?

Answer 4

By being assigned to roles.

Question 5

What is role-centric access control?

Answer 5

Access decisions are based on roles rather than individual users.

Question 6

Why does RBAC simplify management?

Answer 6

Admins manage roles instead of individual permissions.

Question 7

What does separation of users and permissions mean in RBAC?

Answer 7

Users are linked to roles, and roles are linked to permissions.

Question 8

How does RBAC support job changes?

Answer 8

Updating a user’s role automatically updates permissions.

Question 9

What is the principle of least privilege?

Answer 9

Users should have only the minimum permissions needed.

Question 10

How does RBAC enforce least privilege?

Answer 10

Roles contain only required permissions.

Question 11

What is role hierarchy?

Answer 11

Senior roles inherit permissions from junior roles.

Question 12

Give an example of role hierarchy.

Answer 12

Manager inherits Employee permissions.

Question 13

What is Separation of Duties (SoD)?

Answer 13

Preventing users from holding conflicting roles.

Question 14

Why is SoD important?

Answer 14

It reduces fraud and abuse.

Question 15

How does RBAC enforce SoD?

Answer 15

By restricting conflicting role assignments.

Question 16

Name the core elements of RBAC.

Answer 16

Users, Roles, Permissions, Sessions.

Question 17

What are RBAC sessions?

Answer 17

Activated subsets of roles during a session.

Question 18

Why are sessions useful?

Answer 18

They limit active permissions temporarily.

Question 19

What is Core RBAC?

Answer 19

Basic model with users, roles, and permissions.

Question 20

What is Hierarchical RBAC?

Answer 20

RBAC with inherited roles.

Question 21

What is Constrained RBAC?

Answer 21

RBAC with enforced separation of duties.

Question 22

What is Dynamic RBAC?

Answer 22

RBAC where roles are activated per session.

Question 23

What is a major advantage of RBAC scalability?

Answer 23

It works well in large organizations.

Question 24

How does RBAC improve security?

Answer 24

By enforcing least privilege.

Question 25

Why is RBAC good for compliance?

Answer 25

It enforces structured access policies.

Question 26

How does RBAC simplify access management?

Answer 26

Roles handle onboarding and changes.

Question 27

What is role explosion?

Answer 27

Too many roles to manage effectively.

Question 28

Why is RBAC sometimes rigid?

Answer 28

It lacks flexibility in dynamic environments.

Question 29

What is initial setup complexity in RBAC?

Answer 29

Designing roles and permissions is time-consuming.

Question 30

What is limited context awareness in RBAC?

Answer 30

RBAC ignores time, location, and device.

Question 31

What is Attribute-Based Access Control (ABAC)?

Answer 31

An access control model based on evaluating attributes and policies.

Question 32

How does ABAC differ from RBAC?

Answer 32

ABAC uses attributes instead of roles.

Question 33

What makes ABAC flexible?

Answer 33

Policies evaluate multiple attributes.

Question 34

What are attribute-based policies?

Answer 34

Rules based on user, resource, and environment attributes.

Question 35

Why is ABAC fine-grained?

Answer 35

It evaluates many attributes for access.

Question 36

What is policy-based management in ABAC?

Answer 36

Policies define access rules using formal languages.

Question 37

What makes ABAC context-aware?

Answer 37

It considers time, location, and device.

Question 38

Name the main types of ABAC attributes.

Answer 38

User, Resource, Action, Environment.

Question 39

What are user attributes?

Answer 39

Department, clearance, certifications.

Question 40

What are resource attributes?

Answer 40

Sensitivity, ownership, data type.

Question 41

What are action attributes?

Answer 41

Read, write, delete.

Question 42

What are environment attributes?

Answer 42

Time, location, device security.

Question 43

What is an example of ABAC policy?

Answer 43

Doctors can access records during work hours in hospital network.

Question 44

What is a major advantage of ABAC flexibility?

Answer 44

Supports complex access requirements.

Question 45

Why is ABAC good for dynamic systems?

Answer 45

Policies adapt to real-time context.

Question 46

How does ABAC support privacy and compliance?

Answer 46

Through fine-grained policies.

Question 47

What is a major disadvantage of ABAC complexity?

Answer 47

Policies and attributes are hard to design.

Question 48

Why can ABAC cause performance overhead?

Answer 48

Multiple attributes are evaluated in real time.

Question 49

What is policy management difficulty in ABAC?

Answer 49

Keeping complex rules updated.

Question 50

Why is ABAC interoperability difficult?

Answer 50

Different implementations vary.

Question 51

What is XACML?

Answer 51

An XML-based standard for ABAC policies.

Question 52

What is the purpose of XACML?

Answer 52

To define and evaluate access control policies.

Question 53

What is a Policy Enforcement Point (PEP)?

Answer 53

Enforces access decisions.

Question 54

What is a Policy Decision Point (PDP)?

Answer 54

Evaluates requests and makes decisions.

Question 55

What is a Policy Administration Point (PAP)?

Answer 55

Manages and creates policies.

Question 56

What is a Policy Information Point (PIP)?

Answer 56

Provides attribute information.

Question 57

What decisions can PDP return?

Answer 57

Permit, Deny, NotApplicable, Indeterminate.

Question 58

What is the main benefit of XACML?

Answer 58

Standardized policy enforcement.