Free ISC2 CC Certified in Cybersecurity Actual Exam Questions - Question 6 Discussion

It’s D because authentication is the process that verifies the user’s identity after they provide a user ID and password, not just checking if the input looks right like validation does.

It’s about confirming who you are, so D feels right here.

It’s A for me because validation is about checking if the entered user ID and password meet required standards before granting access, which happens right after input but before actual authentication.

I’d rule out B and C since authorization deals with permissions after login, and login is the whole process, not just the ID/password check. So it’s really between A and D, but validation feels too basic for identity confirmation.

D imo, authentication is the precise step where the system confirms your ID matches the password, while login is broader and authorization is about permissions after that.

A imo, because when you provide a user ID and password, the system first has to check if those inputs are valid before even trying to confirm your identity. Authentication is about confirming who you are after that, but the primary function here starts with validating the credentials themselves. Without validation, authentication can’t happen properly. So while authentication is important, validation feels like the essential first step in this context.

D/C? I see authentication as the key step since it’s about verifying the user’s identity, while login is more like the whole process including authentication and session start.

A vs D? Validation (A) might seem like checking credentials quickly, but it’s really just ensuring the input looks right, not confirming identity. Authentication (D) is the actual process where the system verifies the user ID and password match what's stored. So, even if login sounds tempting as the overall process, the primary IAM function when providing credentials is authentication.

A imo, validation is more about checking if the input format is correct, but it doesn’t confirm who the user really is. Authentication actually confirms identity with those credentials, so D still makes the most sense here.

Think about it this way: authentication confirms identity, so D.

D, since authorization decides what you can access after authentication.

Option D makes the most sense here because authentication is the actual process of verifying who you are using credentials like a user ID and password. Login is just the act of submitting those credentials, which doesn’t guarantee identity confirmation by itself. Authorization (B) happens after authentication, deciding what you can do once identity is established. Validation (A) is more about checking if input meets certain rules, not about proving identity. So primary function when giving user ID and password is definitely authentication.

D vs C — authentication confirms identity; login is just the step of entering credentials.

D/C? Authentication is definitely about confirming identity using credentials like user ID and password, but login is the actual action of entering those credentials to access the system. Validation feels off because it’s more about checking input format. Authorization comes after authentication, so not primary here. So, it’s really about whether the question wants the process (authentication) or the act (login) itself. But since they say "PRIMARY identity and access management function," I’d go with authentication as the main concept behind verifying who you are.

A. I think validation fits better because when you enter a user ID and password, the system is basically checking if those credentials match what’s stored. Authentication sounds broader, like confirming your identity beyond just matching credentials. The question says “primary function,” and that’s really the matching step, which is validation.

Maybe A since validation is the step where you actually check if the user ID and password match the stored data. Authentication is broader, but validation is the key function with those credentials.

I get why some say A for validation since you do check the credentials, but validation feels more like a subset of what happens during authentication. Authentication is the broader process that confirms who you are by verifying user ID and password, so it seems like the main function here. C and B don’t fit as well since login is the action, not the function, and authorization is what happens after identity is confirmed. Does the question mean the function behind the scenes or just the basic step users do? That could change things a bit.

Maybe A, since validation checks if credentials are correct before access.

D. Authentication seems like the main function when you provide a user ID and password, right?