Certificate of Cloud Security Knowledge (CCSK) — Question 21

Which of the following statements best defines the "authorization" as a component of identity, entitlement, and access management?

Answer options

• A. The process of specifying and maintaining access policies
• B. Checking data storage to make sure it meets compliance requirements
• C. Giving a third party vendor permission to work on your cloud solution
• D. Establishing/asserting the identity to the application
• E. Enforcing the rules by which access is granted to the resources

Correct answer: E

Explanation

The correct answer, E, accurately describes authorization as the enforcement of rules that dictate how resources are accessed. Option A relates to policy management but does not capture the enforcement aspect. Option B focuses on compliance rather than access control, while C and D discuss permissions and identity confirmation, respectively, which are not central to the definition of authorization.