CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 5 ■ Identity and Access Management (Domain 5) 113

  1. Alex is concerned about eavesdropping on the SAML traffic and also wants to ensure
    that forged assertions will not be successful. What should he do to prevent these potential
    attacks?
    A. Use SAML’s secure mode to provide secure authentication.
    B. Implement TLS using a strong cipher suite, which will protect against both types of
    attacks.
    C. Implement TLS using a strong cipher suite and use digital signatures.
    D. Implement TLS using a strong cipher suite and message hashing.

  2. If Alex’s organization is one that is primarily made up of offsite, traveling users, what
    availability risk does integration of critical business applications to onsite authentication
    create, and how could he solve it?
    A. Third-party integration may not be trustworthy; use SSL and digital signatures.
    B. If the home organization is offline, traveling users won’t be able to access third-party
    applications; implement a hybrid cloud/local authentication system.
    C. Local users may not be properly redirected to the third-party services; implement a
    local gateway.
    D. Browsers may not properly redirect; use host files to ensure that issues with redirects
    are resolved.

  3. What solution can best help address concerns about third parties that control SSO
    redirects as shown in step 2 in the diagram?
    A. An awareness campaign about trusted third parties
    B. TLS
    C. Handling redirects at the local site
    D. Implementing an IPS to capture SSO redirect attacks

  4. Susan has been asked to recommend whether her organization should use a MAC scheme
    or a DAC scheme. If flexibility and scalability are important requirements for
    implementing access controls, which scheme should she recommend and why?
    A. MAC, because it provides greater scalability and flexibility because you can simply
    add more labels as needed
    B. DAC, because allowing individual administrators to make choices about the objects
    they control provides scalability and flexibility
    C. MAC, because compartmentalization is well suited to flexibility and adding
    compartments will allow it to scale well
    D. DAC, because a central decision process allows quick responses and will provide
    scalability by reducing the number of decisions required and flexibility by moving those
    decisions to a central authority
