Doubt in security: authorization and confidentiality

Below is a question from http://www.cafe4java.com

An organisation hosts a web application and assigns individual username/ password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
B) Confidentiality
C) Authentication
D) Authorization
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
E) A, B, C and D

Answer given is H, would G be a better answer?

Answer is G.

"provide username/password" --> Authentication

"users of a particular department are unable to access data related to any other department" --> Authorization

Thanks & Regards,

So the answer is G not H, right?

Yes. Answer is G only.

Nothing has been mentioned regarding Confidentiality or Integrity.

By the way, where from you have taken this question ?

As mentioned in my original post : http://www.cafe4java.com

I also think G (Authentication and Authorization) is a better answer. I cannot see clues in the wording that suggest the use of 'Confidentiality'.

Unless you consider that '...so that users of a particular department are unable to access data related to any other department' means that a member of one department could install a network sniffer to access other department's data...

But I don't think you should suppose such scenarios if the question doesn't mention it.

As Jose mentions, it depends on the definition of "confidentiality". It could mean to prevent anyone who is not authorized to see the data from seeing it (in which case the line is blurred between authorization and confidentiality), or it could mean preventing eavesdropping (by using SSL or some other form of encryption).