LAB 4.5-A · Tier 1: In-Browser · Obj 4.5 · intermediate · ~20 min

Access Control Model Simulator

Apply RBAC, DAC, MAC, and ABAC to the same access requests in a hospital environment. See how the same request gets different results under different models — and understand why.

What You’ll Practice

  • Determining whether an access request is allowed or denied under RBAC (role-based), DAC (owner-based), MAC (label-based), and ABAC (attribute-based)
  • Understanding the Bell-LaPadula properties: “no read up” (Simple Security) and “no write down” (Star Property)
  • Seeing how ABAC uses environmental context (time, location, device) to make decisions the other models can’t
  • Comparing model tradeoffs: flexibility vs. strictness, user control vs. system enforcement
  • Recognizing which model CompTIA expects for different scenarios

How the Exam Tests This

Objective 4.5 covers access control implementation. CompTIA tests whether you understand the behavioral differences between models — not just definitions. Questions like “Under MAC, can a user with Secret clearance write to a Confidential document?” or “Which model considers time of day and device type?” require applied understanding, not memorized terms.

Scoring

Each access attempt is evaluated under all four models (RBAC, DAC, MAC, ABAC). Per-model accuracy is tracked so you can identify which model you need to study more.

MISSION

The same access request. Four different access control models. Different outcomes.

For each access attempt, you'll decide whether it's allowed or denied under RBAC, DAC, MAC, and ABAC. This builds the intuition CompTIA tests — knowing not just what each model is, but how they behave differently in the same situation.

THE FOUR MODELS

RBAC
Permissions are assigned to roles, and users are assigned to roles. Access is determined by your role, not your identity. Most common in enterprise.
DAC
Resource owners control who has access. The creator/owner of a resource decides who can read, write, or execute it. Flexible but prone to over-granting.
MAC
System-enforced labels and clearances. Users have clearance levels, resources have classification labels. The system enforces access rules — no user can override them. Used in military/government.
ABAC
Access decisions based on attributes of the subject, resource, action, AND environment (time, location, device). The most flexible model — the same request can be allowed or denied depending on context. Powers modern cloud IAM.

ENVIRONMENT: CITY GENERAL HOSPITAL

A hospital with strict data handling requirements. Patient records are HIPAA-protected. Staff includes doctors, nurses, administrators, and IT support.
  • Dr. Chen: Physician (Cardiology) · Secret
  • Nurse Patel: Nurse (Cardiology) · Confidential
  • Jones: Admin Staff (Billing) · Unclassified
  • Garcia: IT Support (IT) · Confidential
6 access attempts × 4 models = 24 decisions · ~20 minutes
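
One access request evaluated under all four models, as an added example that is not part of the lab itself. The staff records come from the roster above; the role permissions, the record's owner, ACL and label, and the ABAC policy are assumptions made for illustration.

```python
# Added example: all policy tables below are constructed for illustration.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2}

# Staff as listed in the lab: role, department, clearance.
STAFF = {
    "Dr. Chen":    {"role": "Physician",   "dept": "Cardiology", "clearance": "Secret"},
    "Nurse Patel": {"role": "Nurse",       "dept": "Cardiology", "clearance": "Confidential"},
    "Jones":       {"role": "Admin Staff", "dept": "Billing",    "clearance": "Unclassified"},
    "Garcia":      {"role": "IT Support",  "dept": "IT",         "clearance": "Confidential"},
}

# Hypothetical RBAC table: role -> permitted (action, resource type) pairs.
ROLE_PERMS = {
    "Physician": {("read", "patient_record"), ("write", "patient_record")},
    "Nurse":     {("read", "patient_record")},
}

# Hypothetical resource: owner-managed ACL (DAC), label (MAC), department (ABAC).
RECORD = {"type": "patient_record", "label": "Confidential", "dept": "Cardiology",
          "owner": "Nurse Patel", "acl": {"Dr. Chen": {"read", "write"}}}

def rbac(user, action, res):
    return (action, res["type"]) in ROLE_PERMS.get(STAFF[user]["role"], set())

def dac(user, action, res):
    return user == res["owner"] or action in res["acl"].get(user, set())

def mac(user, action, res):
    subj, obj = LEVELS[STAFF[user]["clearance"]], LEVELS[res["label"]]
    if action == "read":
        return subj >= obj   # Simple Security: no read up
    if action == "write":
        return subj <= obj   # Star Property: no write down
    return False

def abac(user, action, res, env):
    # Hypothetical policy: same department, managed device, on-site, 07:00-19:00.
    return (STAFF[user]["dept"] == res["dept"] and env["device"] == "managed"
            and env["location"] == "hospital" and 7 <= env["hour"] < 19)

def evaluate(user, action, res, env):
    return {"RBAC": rbac(user, action, res), "DAC": dac(user, action, res),
            "MAC": mac(user, action, res), "ABAC": abac(user, action, res, env)}

if __name__ == "__main__":
    on_shift = {"hour": 10, "location": "hospital", "device": "managed"}
    print(evaluate("Dr. Chen", "write", RECORD, on_shift))
```

Dr. Chen's write to the Confidential record is allowed under RBAC, DAC and ABAC but denied under MAC, because a Secret subject writing to a Confidential object is a write down; changing only the device or hour in the environment flips the ABAC result while the other three stay the same.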