Authorization — CISSP Practice Questions
Authorization is the process of determining what an authenticated subject is permitted to do or access within a system, occurring after identification and authentication are complete. The CISSP exam places authorization within the Identity and Access Management domain and tests candidates on how authorization decisions are implemented through access control lists, capability tables, and security labels. Candidates must understand the distinction between authorization and authentication, as confusing the two is a common exam pitfall. Delegation, privilege escalation risks, and the principle of least privilege are all closely tied to authorization concepts tested on the exam.
Free questions on authorization
Which type of access control makes authorization decisions based on attributes of the subject, resource, and environment?
Free question · medium · full answer + explanation
More authorization questions in the full bank
- In database security, what is the primary benefit of applying the principle of least privilege?
- Which practice ensures that a user's action (like a purchase) is authorized before execution?
- A security team conducts penetration testing with authorization from management. Which type of assessment is this?