CSA Exam CCZT Topic 1 Question 11 Discussion

Actual exam question for CSA's CCZT exam

Question #: 11
Topic #: 1

[All CCZT Questions]

In SaaS and PaaS, which access control method will ZT help define

for access to the features within a service?

AData-based access control (DBAC)

BAttribute-based access control (ABAC)

CRole-based access control (RBAC)

DPrivilege-based access control (PBAC)

Show Suggested Answer

Suggested Answer: B

ABAC is an access control method that uses attributes of the requester, the resource, the environment, and the action to evaluate and enforce policies. ABAC allows for fine-grained and dynamic access control based on the context of the request, rather than predefined roles or privileges. ABAC is suitable for SaaS and PaaS, where the features within a service may vary depending on the customer's needs, preferences, and subscription level. ABAC can help implement ZT by enforcing the principle of least privilege and verifying every request based on multiple factors.

Reference=

Attribute-Based Access Control (ABAC) Definition

General Access Control Guidance for Cloud Systems

A Guide to Secure SaaS Access Control Within an Organization

by Lili at Mar 21, 2024, 12:02 AM

Limited Time Offer

25%

Off

Get Premium CCZT Questions as Interactive Web-Based Practice Test or PDF