Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
What are key differences between MAC (Mandatory Access Control) and DAC(Discretionary Access Control)
In discretionary access control (DAC), the owner of the object specifies which subjects can access the object. In mandatory access control (MAC), the system (and not the users) determines which subjects can access specific data objects.
In discretionary access control (DAC), the owner of the object specifies which subjects can access the object. Mandatory access control (MAC) relies on classification labels (and not the users) to determine which subjects can access specific data objects.
In discretionary access control (DAC), the system (and not the users) specifies which subjects can access specific data objects. In mandatory access control (MAC), the owner of the object determines which subjects can access the object.
Very confusing questions and answers: Please redo this question, it is abysmal and required grammatical repair in both of the supplied answers.
Discretionary Access Control
In discretionary access control (DAC), the owner of the object specifies which subjects can access the object. This model is called discretionary because the control of access is based on the discretion of the owner.
Most operating systems such as all Windows, Linux, and Macintosh and most flavors of Unix are based on DAC models.
In these operating systems, when you create a file, you decide what access privileges you want to give to other users; when they access your file, the operating system will make the access control decision based on the access privileges you created.
Mandatory Access Control
In mandatory access control (MAC), the system (and not the users) specifies which subjects can access specific data objects.
The MAC model is based on security labels. Subjects are given a security clearance (secret, top secret, confidential, etc.), and data objects are given a security classification (secret, top secret, confidential, etc.). The clearance and classification data are stored in the security labels, which are bound to the specific subjects and objects.
When the system is making an access control decision, it tries to match the clearance of the subject with the classification of the object. For example, if a user has a security clearance of secret, and he requests a data object with a security classification of top secret, then the user will be denied access because his clearance is lower than the classification of the object.
Edit: Totally agree this a very confusing question and needs to be removed or simplified
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.