An organisation hosts a web application and assigns individual username/ password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer) A) Data Integrity B) Confidentiality C) Authentication D) Authorization E) Only A and B options F) Only B and C G) Only C and D H) Only B, C and D E) A, B, C and D
I also think G (Authentication and Authorization) is a better answer. I cannot see clues in the wording that suggest the use of 'Confidentiality'.
Unless you consider that '...so that users of a particular department are unable to access data related to any other department' means that a member of one department could install a network sniffer to access other department's data...
But I don't think you should suppose such scenarios if the question doesn't mention it.
As Jose mentions, it depends on the definition of "confidentiality". It could mean to prevent anyone who is not authorized to see the data from seeing it (in which case the line is blurred between authorization and confidentiality), or it could mean preventing eavesdropping (by using SSL or some other form of encryption).
subject: Doubt in security: authorization and confidentiality