ISC2 CISSP Quiz 11 Topic 5 Questions 51-55

Question: 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

AThe organization enforces the rules to other organization's user provisioning

BThe organization establishes a trust relationship with the other organizations

CThe organization defines internal standard for overall user identification

DThe organization specifies alone how to authenticate other organization's users

Show Answer

Question: 2

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 3

The core component of Role Based Access control (RBAC) must be constructed of defined data elements, Which elements are requried?

AUsers, permissions, operators, and protected objects

BUsers, rotes, operations, and protected objects

CRoles, accounts, permissions, and protected objects

DRoles, operations, accounts, and protected objects

Show Answer

Question: 4

Which of the following departments initiates the request, approval, and provisioning business process?

AOperations

BHuman resources (HR)

CInformation technology (IT)

DSecurity

Show Answer

Question: 5

Which of the following is strategy of grouping requirements in developing a security Test and Evaluation (ST&E)?

AStandards, policies, and procedures

BDocumentation, observation, and manual

CTactical, strategic, and financial

DManagement, operational, and technical

Show Answer

ISC2 CISSP Quiz:11 Topic:5 Questions:51-55