The correct option is Rule based access control.

Rule based access control enforces access by evaluating policies made of rules that reference user attributes resource attributes and environmental conditions. This makes it appropriate for a logistics firm that needs decisions based on a mix of attributes such as employee job title and business division because the rules can combine those attributes into allow or deny logic.

Cloud IAM is a vendor term for cloud identity and access management and not a single access control model. Implementations of cloud IAM often use RBAC ABAC or rule engines under the hood so the name alone does not guarantee the attribute based rule evaluation the scenario requires.

Discretionary access control relies on resource owners granting access and it is not aimed at centrally enforced policies that evaluate multiple organizational attributes. It would not be the best fit when access must be decided by rules combining job title and business division.

Role based access control assigns permissions to roles and then maps users to roles. It can reflect job titles but it does not naturally express fine grained decisions that must consider several attributes together without creating many specialized roles which harms manageability.

Full AWS Practitioner Certification Question