Carl has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would best fit these requirements?

Mandatory access control (MAC) is the correct solution. It will not allow lower privileged users to even see the data at a higher privilege level. Discretionary access control (DAC) has each data owner configure their own security. Role-based access control (RBAC) could be configured to meet the needs, but it’s not the best solution for these requirements. Security Assertion Markup Language (SAML) is not an access control model.