118 Chapter 5 ■ Identity and Access Management (Domain 5)
6. When the e-commerce application creates an account for a Google user, where should that
user’s password be stored?
A. The password is stored in the e-commerce application’s database.
B. The password is stored in memory on the e-commerce application’s server.
C. The password is stored in Google’s account management system.
D. The password is never stored; instead, a salted hash is stored in Google’s account
management system.
7. Which system or systems is/are responsible for user authentication for Google users?
A. The e-commerce application.
B. Both the e-commerce application and Google servers.
C. Google servers.
D. The diagram does not provide enough information to determine this.
8. What type of attack is the creation and exchange of state tokens intended to prevent?
A. XSS
B. CSRF
C. SQL injection
D. XACML
9. Questions like “What is your pet’s name?” are examples of what type of identity proofing?
A. Knowledge-based authentication
B. Dynamic knowledge-based authentication
C. Out-of-band identity proofing
D. A Type 3 authentication factor
10. Lauren builds a table that includes assigned privileges, objects, and subjects to manage
access control for the systems she is responsible for. Each time a subject attempts to access
an object, the systems check the table to ensure that the subject has the appropriate rights
to the objects. What type of access control system is Lauren using?
A. A capability table
B. An access control list
C. An access control matrix
D. A subject/object rights management system
11. During a review of support incidents, Ben’s organization discovered that password changes
accounted for more than a quarter of its help desk’s cases. Which of the following options
would be most likely to decrease that number significantly?
A. Two-factor authentication
B. Biometric authentication
C. Self-service password reset
D. Passphrases