Fortify Your Cyber Fortress: Conquer the 2025 NDE Practice Exam! 🚀🔐

The correct answer is the model where access permissions are controlled by the system, not the user, which is Mandatory Access Control (MAC). In MAC, the operating system or the security kernel enforces access controls based on predefined security policies. Users cannot change permissions; therefore, access decisions are made without user discretion and are often based on classifications or clearances assigned to systems and users.

In contrast, Role-Based Access Control (RBAC) allows users to gain access based on roles assigned to them, and they may have some level of discretion in determining access based on those roles. Discretionary Access Control (DAC) enables users to control access to their own resources, meaning they can determine who has access. Attribute-Based Access Control (ABAC) uses attributes (user, resource, environment) to create dynamic access policies but still allows for user input in defining attributes.

Thus, MAC is the model emphasizing system-controlled access without user input, which clearly aligns with the definition provided.