ABAC Policy Evaluator
Evaluate attribute-based access control policies across healthcare, financial services, and cloud infrastructure. For each request, determine the access decision AND identify which attributes are the deciding factors.
What You’ll Practice
- Reading ABAC policies and evaluating them against a set of subject, resource, and environment attributes
- Identifying which specific attributes cause an access decision — not just “allow or deny” but why
- Understanding how environmental context (time, location, device, risk scores) changes access decisions
- Seeing ABAC in action across industries: hospital data, bank transactions, and cloud IAM
- Recognizing emergency overrides and conditional escalation policies
How the Exam Tests This
Objective 4.5 lists ABAC alongside RBAC, DAC, and MAC. CompTIA tests whether you understand that ABAC evaluates combinations of attributes — not just roles or labels. Expect questions like “Which access control model can restrict access based on time of day and geographic location?” or scenario-based questions where the correct answer requires evaluating multiple attributes simultaneously.
Scoring
Each request is scored on two dimensions: correct access decision (allow/deny) and correct identification of deciding attributes. Both matter — getting the decision right by luck doesn’t demonstrate understanding.
MISSION
ABAC evaluates access by combining subject + resource + environment + action attributes against a policy. The same person making the same request can get a different answer depending on context.
For each request, you'll make two decisions:
1. Is the access allowed or denied?
2. Which attributes are the deciding factors?
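
The evaluation described above, as an added example that is not part of the original exercise: a constructed hospital-record policy whose evaluator returns both the access decision and the deciding attributes. The attribute names, thresholds and the break-glass rule are assumptions made for illustration.

```python
from datetime import time

# Constructed hospital-record policy: every condition must hold to allow.
# Each entry pairs the attributes a condition reads with its predicate.
CONDITIONS = [
    (("subject.role",), lambda r: r["subject.role"] in {"physician", "nurse"}),
    (("subject.department", "resource.department"),
     lambda r: r["subject.department"] == r["resource.department"]),
    (("action", "subject.role"),  # nurses may read, only physicians may write
     lambda r: r["action"] == "read" or r["subject.role"] == "physician"),
    (("environment.time",),
     lambda r: time(7, 0) <= r["environment.time"] <= time(19, 0)),
    (("environment.device_managed",), lambda r: r["environment.device_managed"]),
    (("environment.risk_score",), lambda r: r["environment.risk_score"] < 70),
]

def emergency_override(r):
    """Break-glass: a physician on a managed device may read during a declared emergency."""
    return (r.get("environment.emergency") is True
            and r["subject.role"] == "physician"
            and r["action"] == "read"
            and r["environment.device_managed"])

def evaluate(request):
    """Return (decision, deciding_attributes) for one flat request dict."""
    failed = [attrs for attrs, holds in CONDITIONS if not holds(request)]
    if not failed:
        # Normal allow: all evaluated attributes jointly decide.
        return "allow", sorted({a for attrs, _ in CONDITIONS for a in attrs})
    if emergency_override(request):
        # The emergency flag is what flips the decision.
        return "allow", ["environment.emergency"]
    # Deny: report only the attributes of the conditions that failed.
    return "deny", sorted({a for attrs in failed for a in attrs})

# Constructed sample request: a cardiology physician reading a cardiology record.
BASE = {
    "subject.role": "physician", "subject.department": "cardiology",
    "resource.department": "cardiology", "action": "read",
    "environment.time": time(10, 30), "environment.device_managed": True,
    "environment.risk_score": 20,
}

if __name__ == "__main__":
    night = {**BASE, "environment.time": time(23, 15)}
    for label, req in [("day shift", BASE), ("same request at night", night),
                       ("night + emergency", {**night, "environment.emergency": True})]:
        print(label, "->", evaluate(req))
```

The same subject, resource and action produce allow by day, deny at night, and allow again once the emergency attribute is set, which is the context dependence the exercise asks you to trace.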