For which of the following access control models is the main purpose preserving the confidentiality of data?

Mandatory access control (MAC) is designed primarily to preserve the confidentiality of data. In this model, access to resources is governed by policies set by a central authority, which classifies data and users into different security levels. Each user is granted access based on their security clearance and the data's classification level, ensuring that sensitive information is only accessible to authorized users who meet specific criteria.

MAC prevents unauthorized users from accessing classified data, thereby safeguarding against data leaks and ensuring that confidentiality is maintained. This structured approach differentiates MAC from other access control models, where the emphasis may not be solely on preserving confidentiality but also on organizational roles or user discretion.

In contrast, role-based access control focuses on user roles and responsibilities rather than on data classification, while nondiscretionary and time-based controls center around policy enforcement that may not specifically prioritize data confidentiality as MAC does.