Chapter 5 ■ Identity and Access Management (Domain 5) 113
- Alex is concerned about eavesdropping on the SAML traffic and also wants to ensure that forged assertions will not be successful. What should he do to prevent these potential attacks?
  A. Use SAML’s secure mode to provide secure authentication.
  B. Implement TLS using a strong cipher suite, which will protect against both types of attacks.
  C. Implement TLS using a strong cipher suite and use digital signatures.
  D. Implement TLS using a strong cipher suite and message hashing.

- If Alex’s organization is one that is primarily made up of offsite, traveling users, what availability risk does integration of critical business applications to onsite authentication create, and how could he solve it?
  A. Third-party integration may not be trustworthy; use SSL and digital signatures.
  B. If the home organization is offline, traveling users won’t be able to access third-party applications; implement a hybrid cloud/local authentication system.
  C. Local users may not be properly redirected to the third-party services; implement a local gateway.
  D. Browsers may not properly redirect; use host files to ensure that issues with redirects are resolved.

- What solution can best help address concerns about third parties that control SSO redirects as shown in step 2 in the diagram?
  A. An awareness campaign about trusted third parties
  B. TLS
  C. Handling redirects at the local site
  D. Implementing an IPS to capture SSO redirect attacks

- Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?
  A. MAC, because it provides greater scalability and flexibility because you can simply add more labels as needed
  B. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility
  C. MAC, because compartmentalization is well suited to flexibility and adding compartments will allow it to scale well
  D. DAC, because a central decision process allows quick responses and will provide scalability by reducing the number of decisions required and flexibility by moving those decisions to a central authority