Which of the following is NOT a component of access control?
Which of the following is NOT a component of access control?
Federation is not a component of access control. Access control typically involves the processes of authentication, authorization, and accounting, commonly referred to as AAA. Authentication is the process of verifying the identity of a user, authorization determines what an authenticated user is allowed to do, and accounting tracks the actions of the user. Federation, on the other hand, deals with sharing identities across different systems or organizations, enabling users to access services across different domains without needing separate credentials.
I have never ever heard of accounting as being a formal Cyber term used in context of Access Control. Federation is the better answer IMO.
B. Federation
as per the ccsp cbk access control = AAA
the loosely and i mean loosely associate account with auditing i guess accounting as been able to track
B is correct
Accounting is Audit Logging.
Lear about AAA before you go for exam, it does not help you Certificate if you have no idea about AAA
A: Accounting
I agree about Xaccan. If you know AAA (Authentication, Authorization, and Accounting), then you'll know it is Federation that does not belong here.
Access control consists of three primary components, often referred to as AAA (Authentication, Authorization, and Accounting): Authentication (D) → Verifies the identity of a user (e.g., passwords, biometrics). Authorization (C) → Determines what resources a user can access based on policies. Accounting (A) → Tracks and logs user actions for auditing and compliance. Federation refers to a system that allows identity sharing across multiple organizations or systems (e.g., SAML, OAuth). While federated identity management supports access control, federation itself is not one of the three core access control components (AAA).