Authorization and Access Control Quiz

Questions and Answers

PDF Questions PDF Answers

What is the main purpose of authorization in the context of access control?

To complete identification and authentication

To specify where the party should be allowed or denied access (correct)

To manage access at a granular level

To implement access controls

What concept enables us to manage access at a more granular level?

Identification

Authorization

Principle of least privilege

Access control (correct)

What does the principle of least privilege dictate?

We should only allow access after identification

We should allow maximum access to a party

We should deny all access to a party

We should only allow the bare minimum of access to a party (correct)

What are the basic tasks we might want to carry out when we look at access controls?

Allowing access, denying access, limiting access, revoking access

What does allowing access in the context of access controls enable us to do?

Give a particular party, or parties, access to a given resource