ISC2 CISSP Quiz 11 Topic 5 Questions 51-55

Question: 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

AThe organization enforces the rules to other organization's user provisioning

BThe organization establishes a trust relationship with the other organizations

CThe organization defines internal standard for overall user identification

DThe organization specifies alone how to authenticate other organization's users

Show Answer

Question: 2

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 3

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 4

Match the types of e-authentication tokens to their description.

ADrag each e-authentication token on the left to its corresponding description on the right.

BLook-up secret token - A physical or electronic token that stores a set of secrets between the claimant and the credential service provider

COut-of-Band Token - A physical token that is uniquely addressable and can receive a verifier-selected secret for one-time use

DPre-registered Knowledge Token - A series of responses to a set of prompts or challenges established by the subscriber and credential service provider during the registration process
Memorized Secret Token - A secret shared between the subscriber and credential service provider that is typically character strings

Show Answer

Question: 5

Which of the following departments initiates the request, approval, and provisioning business process?

AOperations

BHuman resources (HR)

CInformation technology (IT)

DSecurity

Show Answer

ISC2 CISSP Quiz:11 Topic:5 Questions:51-55