Doubt in security: authorization and confidentiality

Joshua Antony
Ranch Hand

Joined: Jun 05, 2006
Posts: 254
Below is a question from http://www.cafe4java.com

An organisation hosts a web application and assigns individual username/password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
B) Confidentiality
C) Authentication
D) Authorization
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
I) A, B, C and D

The answer given is H; would G be a better answer?


SCJP,SCWCD, Into ATG now!
Devi Sri
Ranch Hand

Joined: Dec 20, 2005
Posts: 114

Answer is G.

"provide username/password" --> Authentication

"users of a particular department are unable to access data related to any other department" --> Authorization

Thanks & Regards,


Devisri, SCJP 5.0, SCWCD 5.0
"Dream is Not what you see in sleep. Dream is that which never lets you sleep" - Abdul Kalam
Joshua Antony
Ranch Hand

Joined: Jun 05, 2006
Posts: 254
So the answer is G not H, right?
Devi Sri
Ranch Hand

Joined: Dec 20, 2005
Posts: 114

Yes. Answer is G only.

Nothing has been mentioned regarding Confidentiality or Integrity.

By the way, where have you taken this question from?
Joshua Antony
Ranch Hand

Joined: Jun 05, 2006
Posts: 254
As mentioned in my original post: http://www.cafe4java.com
Jose Luis Huertas
Greenhorn

Joined: Nov 02, 2007
Posts: 6
I also think G (Authentication and Authorization) is a better answer. I cannot see clues in the wording that suggest the use of 'Confidentiality'.

Unless you consider that '...so that users of a particular department are unable to access data related to any other department' means that a member of one department could install a network sniffer to access other departments' data...

But I don't think you should suppose such scenarios if the question doesn't mention it.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41052
As Jose mentions, it depends on the definition of "confidentiality". It could mean to prevent anyone who is not authorized to see the data from seeing it (in which case the line is blurred between authorization and confidentiality), or it could mean preventing eavesdropping (by using SSL or some other form of encryption).


Ping & DNS - my free Android networking tools app