Cisco Cyber Security Practice Exam 2025 – Your All-in-One Guide to Exam Success!

Role-based access control (RBAC) is the correct choice because it assigns permissions based on the roles of individual users within an organization. In this case, only senior managers with high clearance possess a role that allows them access to the Finance Report. This access control model effectively makes access decisions based on the roles assigned to users, ensuring that the principle of least privilege is enforced.

RBAC simplifies management by allowing administrators to define access permissions centrally and assign them to different roles rather than to individual users. This is particularly effective in organizations with a clear hierarchical structure where specific roles, such as senior management, require elevated access to sensitive information like financial reports.

In contrast, mandatory access control enforces regulations set by a central authority and does not allow individuals to change access settings. Discretionary access control allows users to control access to their own resources, which is not suitable in scenarios requiring stringent access such as financial data. Rule-based access control applies specific rules to allow or deny access, which lacks the role definition aspect critical for managing access for senior managers specifically.