Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide

The statement that a discretionary access control list (DACL) is a list containing user accounts that are allowed or denied access is accurate because DACLs are specifically designed to control access to resources by specifying the permissions assigned to different users or groups. Each entry within a DACL is known as an access control entry (ACE), which defines the type of access allowed or denied for the specified user or group.

In a DACL, you can manage who can perform certain actions on a resource, such as reading, writing, or executing files, thereby enabling a flexible security model where the resource owner has discretion over who can access their resource and in what manner. This aligns with the concept of discretionary access control, where the owner of the resource determines the access permissions rather than having them strictly set by a central authority.

While other statements provide information about related concepts, they do not accurately describe the primary function of a DACL. For instance, a rule list containing access control entries is a fundamental aspect of a DACL, but it doesn't specify that it's about allowed or denied access for users. Similarly, auditing activity relates to security measures but is not a defining characteristic of DACLs. Lastly, the identification of a user account is achieved through unique user