Which model relies on a set of characteristics of an object to make access control decisions?

• A. Attribute-Based Access Control
• B. Discretionary Access Control
• C. Mandatory Access Control
• D. Privileged Access Management

Answer: (A)

Access decisions based on attributes assigned to the subject, the object, and the environment. This approach evaluates characteristics like who the user is (role, department, clearance), what the resource is (classification, type, sensitivity), and contextual factors (time, location) against defined rules. If the attributes satisfy the policy, access is allowed. This is why it fits: the decision hinges on the object's characteristics alongside other attributes, rather than solely on the owner’s permissions or fixed labels.

Discretionary access control relies on the resource owner’s permissions and can change at the owner’s discretion, not on a unified attribute set. Mandatory access control uses fixed labels and classifications enforced by the system, not flexible attribute evaluation. Privileged Access Management focuses on managing privileged accounts and elevation workflows rather than the attribute-driven decision process.