Certified Information Systems Security Professional (CISSP) Practice Exam

Lattice-based access control is indeed characterized as a nondiscretionary access control model. In this model, access decisions are made based on a predefined set of rules that are defined in a lattice structure, which organizes access levels in a hierarchical manner. This means that access permissions are determined by the system rather than by individual users, thereby enforcing a more stringent and consistent control over who can access specific data or resources.

The lattice structure typically consists of security levels and categories, where users are assigned specific access rights that dictate their interactions with data at various sensitivity levels. This setup ensures that access is managed in a systematic way, reducing the risk of unauthorized access as permissions are tightly controlled by the system’s policies and the established lattice hierarchy. This framework is particularly valuable in environments requiring strict data classification and protection, such as government and military applications.

In contrast, the other options focus either on user-defined access or lack specific structure in defining permissions, which diverges from the defined and systematic approach inherent in lattice-based access control.