An access control system is a set of technical controls that govern how subjects may interact with objects, making it the correct choice.

Encryption is NOT one of the four main processes of an access control system. The main processes are Identification, Authentication, and Authorization.

The principle of least privilege means giving users only the minimum level of access or permissions needed to perform their tasks, reducing the risk of unauthorized access or misuse.

The principle of implicit deny states that unless a rule explicitly allows traffic, it is denied by default.

An Access Control List (ACL) is a list of permissions attached to an object that specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.

Discretionary Access Control (DAC) stresses the importance of the owner and grants them full control over the resource, making it the correct choice.

Role-based Access Control (RBAC) adds an extra degree of administrative control by defining organizational roles.