Doubt in security: authorization and confidentiality

 
Ranch Hand
Posts: 254
Below is a question from http://www.cafe4java.com

An organisation hosts a web application and assigns individual username/password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
B) Confidentiality
C) Authentication
D) Authorization
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
E) A, B, C and D

Answer given is H, would G be a better answer?
 
Ranch Hand
Posts: 115
Answer is G.

"provide username/password" --> Authentication

"users of a particular department are unable to access data related to any other department" --> Authorization

Thanks & Regards,
 
Joshua Antony
Ranch Hand
Posts: 254
So the answer is G not H, right?
 
Devi Sri
Ranch Hand
Posts: 115
Yes. Answer is G only.

Nothing has been mentioned regarding Confidentiality or Integrity.

By the way, where have you taken this question from?
 
Joshua Antony
Ranch Hand
Posts: 254
As mentioned in my original post: http://www.cafe4java.com
 
Greenhorn
Posts: 6
I also think G (Authentication and Authorization) is a better answer. I cannot see clues in the wording that suggest the use of 'Confidentiality'.

Unless you consider that '...so that users of a particular department are unable to access data related to any other department' means that a member of one department could install a network sniffer to access other department's data...

But I don't think you should suppose such scenarios if the question doesn't mention it.
 
Rancher
Posts: 43081
As Jose mentions, it depends on the definition of "confidentiality". It could mean to prevent anyone who is not authorized to see the data from seeing it (in which case the line is blurred between authorization and confidentiality), or it could mean preventing eavesdropping (by using SSL or some other form of encryption).
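
The distinction discussed in this thread, shown as an added example that is not part of the original posts: a Java EE `web.xml` fragment in which authentication, authorization and transport confidentiality are three separate declarations. It assumes a servlet container (the thread names none), and the role names, URL patterns and page paths are hypothetical.

```xml
<!-- Constructed example: role names, URL patterns and page paths are hypothetical. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- AUTHENTICATION: how the container establishes who the caller is
       (the individual username/password from the question). -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Roles stand in for the departments in the question. -->
  <security-role><role-name>sales</role-name></security-role>
  <security-role><role-name>hr</role-name></security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Sales department data</web-resource-name>
      <url-pattern>/sales/*</url-pattern>
    </web-resource-collection>
    <!-- AUTHORIZATION: an authenticated caller outside role "sales"
         is refused (HTTP 403) for anything under /sales/. -->
    <auth-constraint>
      <role-name>sales</role-name>
    </auth-constraint>
    <!-- CONFIDENTIALITY (eavesdropping sense): require an encrypted
         transport. Without this element the access rule above still
         holds, but responses may travel in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HR department data</web-resource-name>
      <url-pattern>/hr/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>hr</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
```

The scenario in the question is covered by `<login-config>` and `<auth-constraint>` alone; `<transport-guarantee>` is configured independently of both and addresses only the eavesdropping sense of confidentiality.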
 