Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security Mock question

 
Zhixiong Pan
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An organisation hosts a web application and assigns individual username/ password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
B) Confidentiality
C) Authentication
D) Authorization
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
E) A, B, C and D

hi ranchers,

The correct answer is H, but I am confused why the "Confidentiality" is also used here.

Thanks.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don't forget to QuoteYourSources.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2405
93
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Zhixiong,

Using the following definitions:
  • Authentication: identifying a party to a web-application
  • Authorization: what the identified party is allowed to do within a web-application
  • Data integrity: the means used to prove that information has not been modified by a third party while in transit
  • Data privacy: the means to ensure that information is made available only to users who are authorized to access it

  • then the following apply: Authentication, Authorization, Data privacy
    Confidentiality is just another word for Data privacy.

    Regards,
    Frits
     
    Zhixiong Pan
    Ranch Hand
    Posts: 239
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Thanks Frits, can I understand your meaning as the following example?
    Department A can access the Dept A web resource. ---- That is Authorization.
    Department B can't access the Dept A web resource. ---- That is Confidential.
     
    Frits Walraven
    Creator of Enthuware JWS+ V6
    Saloon Keeper
    Pie
    Posts: 2405
    93
    Android Chrome Eclipse IDE
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Hi Zhixiong,

    Yes, that is the correct way of explaining it.

    Regards,
    Frits
     
    Ankit Garg
    Sheriff
    Posts: 9521
    22
    Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Zhixiong please quote the source of the question. This is not optional...
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic