Certified Cloud Security Professional – CCSP – Question371

Which of the following is NOT a component of access control?

A.
Accounting
B. Federation
C. Authorization
D. Authentication

Correct Answer: B

Explanation:

Explanation: Federation is not a component of access control. Instead, it is used to allow users possessing credentials from other authorities and systems to access services outside of their domain. This allows for access and trust without the need to create additional, local credentials. Access control encompasses not only the key concepts of authorization and authentication, but also accounting. Accounting consists of collecting and maintaining logs for both authentication and authorization for operational and regulatory requirements.