File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Security Mock question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Security Mock question" Watch "Security Mock question" New topic
Author

Security Mock question

Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239
An organisation hosts a web application and assigns individual username/ password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
B) Confidentiality
C) Authentication
D) Authorization
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
E) A, B, C and D

hi ranchers,

The correct answer is H, but I am confused why the "Confidentiality" is also used here.

Thanks.

SCJP 1.4 SCJD
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Don't forget to QuoteYourSources.


[My Blog]
All roads lead to JavaRanch
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1712
    
  25

Zhixiong,

Using the following definitions:
  • Authentication: identifying a party to a web-application
  • Authorization: what the identified party is allowed to do within a web-application
  • Data integrity: the means used to prove that information has not been modified by a third party while in transit
  • Data privacy: the means to ensure that information is made available only to users who are authorized to access it

  • then the following apply: Authentication, Authorization, Data privacy
    Confidentiality is just another word for Data privacy.

    Regards,
    Frits
    Zhixiong Pan
    Ranch Hand

    Joined: Jan 25, 2006
    Posts: 239
    Thanks Frits, can I understand your meaning as the following example?
    Department A can access the Dept A web resource. ---- That is Authorization.
    Department B can't access the Dept A web resource. ---- That is Confidential.
    Frits Walraven
    Creator of Enthuware JWS+ V6
    Bartender

    Joined: Apr 07, 2010
    Posts: 1712
        
      25

    Hi Zhixiong,

    Yes, that is the correct way of explaining it.

    Regards,
    Frits
    Ankit Garg
    Sheriff

    Joined: Aug 03, 2008
    Posts: 9313
        
      17

    Zhixiong please quote the source of the question. This is not optional...


    SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Security Mock question