In access control evaluation, which principle is used when multiple ACEs match?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare effectively for the ServiceNow CAD certification. Study with detailed questions and explanations. Enhance your skills and knowledge for success in your exam!

Multiple Choice

In access control evaluation, which principle is used when multiple ACEs match?

Explanation:
When evaluating access, you consider all ACEs that could apply to the request and then pick the one that best matches the specifics of the situation. The most specific match means the ACE that describes the requester and the resource in the narrowest, most precise way wins. For example, an ACE that targets a particular user on a specific file is more specific than one that grants rights to a whole group on a folder. If both match, the specific user on that specific file governs the outcome, ensuring precise control. This prevents broad, general rules from overriding explicit exceptions and keeps permissions predictable. Other approaches like oldest, most permissive, or first listed rely on timing, permissiveness, or ordering, which can lead to overbroad access or inconsistent results, so they’re not the principle used here.

When evaluating access, you consider all ACEs that could apply to the request and then pick the one that best matches the specifics of the situation. The most specific match means the ACE that describes the requester and the resource in the narrowest, most precise way wins. For example, an ACE that targets a particular user on a specific file is more specific than one that grants rights to a whole group on a folder. If both match, the specific user on that specific file governs the outcome, ensuring precise control. This prevents broad, general rules from overriding explicit exceptions and keeps permissions predictable. Other approaches like oldest, most permissive, or first listed rely on timing, permissiveness, or ordering, which can lead to overbroad access or inconsistent results, so they’re not the principle used here.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy