Identity & access
⏱ ~3-min readAceMark GuideWhat this topic is really about
Mandatory Access Control (MAC) uses security labels and clearances to enforce access control.. Mandatory Access Control (MAC) relies on system-enforced security labels and user clearances to restrict access based on the information's sensitivity.
Salting a password hash protects against rainbow table attacks by adding unique, random data to passwords before hashing.. Salting adds unique, random data to passwords before hashing, which prevents attackers from using precomputed rainbow tables to crack stolen password hashes.
See the mechanism
Mandatory Access Control (MAC) is the correct answer because it relies on system-enforced security labels and user clearances to restrict access based on the information's sensitivity. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
Which access control model uses labels (e.g., Top Secret) and clearances?
- Identify what the question tests: Which access control model uses labels (e.g., Top Secret) and clearances.
- Mandatory Access Control (MAC) relies on system-enforced security labels and user clearances to restrict access based on the information's sensitivity.
- In contrast, Discretionary Access Control (DAC) allows resource owners to determine access privileges at their own discretion, rather than relying on strict, centralized system labels.
- Why it matters: Mandatory Access Control (MAC) is the correct answer because it relies on system-enforced security labels and user clearances to restrict access based on the information's sensitivity. This approach ensures that access is granted or denied based on the sensitivity level of the information, rather than the discretion of the resource owner. In contrast, other access control models such as DAC and RBAC do not use labels and clearances in the same way.
Traps the examiner sets
- Many people confuse MAC with DAC, which allows resource owners to determine access privileges at their own discretion. However, MAC is a more restrictive model that relies on system-enforced labels and clearances to enforce access control.
- Some people may think that salting protects against brute force attacks or phishing, but it specifically targets rainbow table attacks by making precomputed tables useless.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Identity & access and see it stick.
Practice more of this topic →