ISC2 CISSP Quiz 11 Topic 5 Questions 51-55

Question: 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

AThe organization enforces the rules to other organization's user provisioning

BThe organization establishes a trust relationship with the other organizations

CThe organization defines internal standard for overall user identification

DThe organization specifies alone how to authenticate other organization's users

Show Answer

Question: 2

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 3

Which of the following is an initial consideration when deveoping an information security management system (ISMS)?

AIdentify the contractual security obligations that apply to the organizations

BUnderstand the value of the information assets

CIdentify the level of resioual risk lhat is tolerable to management

DIdentify relevant legislative and regulatory compliance requirements

Show Answer

Question: 4

Why are mobile devices sometimes difficult to investigate in a forensic examination?

AThere are no forensic tools available for examination.

BThey may have proprietary software installed to protect them.

CThey have password-based security at logon.

DThey may contain cryptographic protection.

Show Answer

Question: 5

Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization is developing its own software?

AIncreased likelihood of confidentiality breach

BDenial of access due to reduced availability

CSecurity Assertion Markup Language (SAML) integration

DIncompatibility with Federated Identity Management (FIM)

Show Answer

ISC2 CISSP Quiz:11 Topic:5 Questions:51-55