ExpertEasy1 markMultiple Choice
CPA · Question 74 · Area II: Security
What is the difference between 'Authentication' and 'Authorization'?
What is the difference between 'Authentication' and 'Authorization'?
Answer options:
A.
They are synonyms.
B.
Authentication is for internal users; Authorization is for external users.
C.
Authentication verifies identity (Who are you?); Authorization verifies permissions (What can you do?).
D.
Authentication happens after Authorization.
How to approach this question
AuthN = Who. AuthZ = What.
Full Answer
C.Authentication verifies identity (Who are you?); Authorization verifies permissions (What can you do?).✓ Correct
C
Authentication (AuthN) is the process of verifying the identity of a user (e.g., password). Authorization (AuthZ) is the process of determining what that authenticated user is allowed to access (e.g., read-only vs admin).
Common mistakes
Using the terms interchangeably.
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium