Mary has access to certain resources because she is in the Research division of her company. What type of access control system is probably in use in her company?

The correct answer is Role Based Access Control (RBAC). This access control system grants permissions based on the roles assigned to users within an organization. Since Mary has access to certain resources specifically because she belongs to the Research division, it indicates that her access rights are aligned with her role within that division.

In RBAC, users are assigned roles, and each role has predefined permissions associated with it. This means that all members of the Research division would have similar access rights tailored to their job functions, making it an efficient way to manage permissions and ensuring that all individuals in the same role have the necessary access to perform their duties effectively.

In contrast, other access control mechanisms like Mandatory Access Control (MAC), Access Control Lists (ACL), and Discretionary Access Control (DAC) operate differently. MAC prescribes that access rights are regulated by a central authority based on system policies, making it less flexible for role-based configurations. ACLs provide a list of permissions attached to each resource, which requires more granular management than what may be necessary for a user group like the Research division. DAC allows users more freedom to set their access permissions, leading to potential inconsistencies and increased risk of breaches. Thus, the structure and rationale for Mary's access strongly support the use