1.RBAC employs pre-defined roles that carry a specific set of privileges associated with the roles. Subjects are then simply assigned that role or simply assume that role. After a subject is assigned to a role all the privileges specified for a role in a given policy apply to that subject. We can then manage access by assigning or removing roles on subjects.

Is the following statement about RBAC models True or False? In certain designs, one could incorporate a hierarchy of roles such that role related permissions may be inherited through the role hierarchy.

True

False

2.Organizations can successfully carry out authentication processes without first having to register the identities of users/devices and proofing those identities.

True

False

A supplicant is any unverified system entity that seeks access. The supplicant could be a human user or an application/process/device.

True

False

The NIST SP 800-53 (Revision 5) presents 20 broad categories or families of controls.

True

False