(ISC)2

CGRC Question #248: Real Exam Question with Answer & Explanation

The correct answer is A: Authentication.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

What is verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system?

Options

  • A. Authentication
  • B. Organizational
  • C. Categorization
  • D. Verification

Explanation

Authentication is the process of verifying the claimed identity of a user, process, or device before granting access to resources within an information system. It ensures that the entity attempting access is who or what it claims to be.

Common mistakes.

  • B. Organizational refers to an entity or structure, not a security process for identity verification.
  • C. Categorization is the process of classifying information or systems based on their sensitivity or criticality, not verifying identity.
  • D. Verification is a broad term for checking accuracy or truth, but in the context of access control and identity, 'authentication' is the specific technical term for verifying a claimed identity.

Concept tested. Definition of authentication

Reference. https://csrc.nist.gov/glossary/term/authentication

Topics

#Authentication, #Identity Verification, #Access Control, #Security Controls
