Authentication control is a security measure used to verify the identity of users before granting access to systems or data. Authentication methods ensure that only authorized individuals can access resources.
Why Option C (Users have to validate their identity with a smart card) is Correct:
Authentication is the process of verifying a user’s identity before granting access.
Smart card authentication is a strong authentication method because it requires a physical device (smart card) and a PIN or biometric verification.
This falls under multi-factor authentication (MFA), enhancing security by combining something the user has (smart card) with something they know (PIN).
Why Other Options Are Incorrect:
Option A (Identity requests are approved in two steps):
Incorrect because this refers to identity approval (authorization), not authentication.
Option B (Logs are checked for misaligned identities and access rights):
Incorrect because log monitoring is a detective control, not an authentication control.
Option D (Functions can be performed based on access rights):
Incorrect because this describes authorization (determining what a user can do after authentication).
IIA References:
IIA GTAG – "Auditing Identity and Access Management": Covers authentication methods like smart cards and multi-factor authentication.
COBIT 2019 – DSS05 (Manage Security Services): Recommends strong authentication controls, including smart card validation.
NIST Cybersecurity Framework – "Access Control Guidelines": Highlights authentication best practices, including smart card use.