Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests


(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests: summary, description and annotation


Full-length practice tests covering all CISSP domains for the ultimate exam prep

The (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.
Test your knowledge of the 2021 exam domains
Identify areas in need of further study
Gauge your progress throughout your exam preparation
Practice test taking with Sybex’s online test environment containing the questions from the book

The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.

(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests — read the preview excerpt online


44. If Alex's organization is one that is primarily made up of off-site, traveling users, what availability risk does integration of critical business applications to on-site authentication create, and how could he solve it?
A. Third-party integration may not be trustworthy; use SSL and digital signatures.
B. If the home organization is offline, traveling users won't be able to access third-party applications; implement a hybrid cloud/local authentication system.
C. Local users may not be properly redirected to the third-party services; implement a local gateway.
D. Browsers may not properly redirect; use host files to ensure that issues with redirects are resolved.

45. What solution can best help address concerns about third parties that control SSO redirects as shown in step 2 in the diagram?
A. An awareness campaign about trusted third parties
B. TLS
C. Handling redirects at the local site
D. Implementing an IPS to capture SSO redirect attacks

46. Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?
A. MAC, because it provides greater scalability and flexibility because you can simply add more labels as needed
B. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility
C. MAC, because compartmentalization is well suited to flexibility and adding compartments will allow it to scale well
D. DAC, because a central decision process allows quick responses and will provide scalability by reducing the number of decisions required and flexibility by moving those decisions to a central authority

47. Which of the following tools is not typically used to verify that a provisioning process was followed in a way that ensures that the organization's security policy is being followed?
A. Log review
B. Manual review of permissions
C. Signature-based detection
D. Review the audit trail

48. Jessica needs to send information about services she is provisioning to a third-party organization. What standards-based markup language should she choose to build the interface?
A. SAML
B. SOAP
C. SPML
D. XACML

49. During a penetration test, Chris recovers a file containing hashed passwords for the system he is attempting to access. What type of attack is most likely to succeed against the hashed passwords?
A. A brute-force attack
B. A pass-the-hash attack
C. A rainbow table attack
D. A salt recovery attack

50. Google's identity integration with a variety of organizations and applications across domains is an example of which of the following?
A. PKI
B. Federation
C. Single sign-on
D. Provisioning

51. Amanda starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. What problem has she encountered?
A. Privilege creep
B. Rights collision
C. Least privilege
D. Excessive privileges

52. When Chris verifies an individual's identity and adds a unique identifier like a user ID to an identity system, what process has occurred?
A. Identity proofing
B. Registration
C. Directory management
D. Session management

53. Selah wants to provide accountability for actions performed via her organization's main line of business application. What controls are most frequently used to provide accountability in a situation like this? (Select all that apply.)
A. Enable audit logging.
B. Provide every staff member with a unique account and enable multifactor authentication.
C. Enable time- and location-based login requirements.
D. Provide every staff member with a unique account and require a self-selected password.

54. Charles wants to provide authorization services as part of his web application. What standard should he use if he wants to integrate easily with other web identity providers?
A. OpenID
B. TACACS+
C. RADIUS
D. OAuth

55. The company that Cameron works for uses a system that allows users to request privileged access to systems when necessary. Cameron requests access, and the request is pre-approved due to his role. He is then able to access the system to perform the task. Once he is done, the rights are removed. What type of system is he using?
A. Zero trust
B. Federated identity management
C. Single sign-on
D. Just-in-time access

56. Elle is responsible for building a banking website. She needs proof of the identity of the users who register for the site. How should she validate user identities?
A. Require users to create unique questions that only they will know.
B. Require new users to bring their driver's license or passport in person to the bank.
C. Use information that both the bank and the user have such as questions pulled from their credit report.
D. Call the user on their registered phone number to verify that they are who they claim to be.

57. Susan's organization is part of a federation that allows users from multiple organizations to access resources and services at other federated sites. When Susan wants to use a service at a partner site, which identity provider is used?
A. Susan's home organization's identity provider
B. The service provider's identity provider
C. Both their identity provider and the service provider's identity provider
D. The service provider creates a new identity

58. A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer's account. What type of biometric factor error occurred?
A. A registration error
B. A Type 1 error
C. A Type 2 error
D. A time of use, method of use error

59. What type of access control is typically used by firewalls?
A. Discretionary access controls
B. Rule-based access controls
C. Task-based access control
D. Mandatory access controls

60. When you input a user ID and password, you are performing what important identity and access management activity?
A. Authorization
B. Validation
C. Authentication
D. Login

61. Kathleen works for a data center hosting facility that provides physical data center space for individuals and organizations. Until recently, each client was given a magnetic-strip-based keycard to access the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, a number of servers have been stolen, but the logs for the passcards show only valid IDs. What is Kathleen's best option to make sure that the users of the passcards are who they are supposed to be?
A. Add a reader that requires a PIN for passcard users.
B. Add a camera system to the facility to observe who is accessing servers.
C. Add a biometric factor.
D. Replace the magnetic stripe keycards with smartcards.

62. Theresa wants to allow her staff to securely store and manage passwords for systems including service accounts and other rarely used administrative credentials. What type of tool should she implement to enable this?
A. Single sign-on
B. A federated identity system
C. A password manager
D. A multifactor authentication system

63. Olivia wants to limit the commands that a user can run via sudo to limit the potential for privilege escalation attacks. What Linux file should she modify to allow this?
A. The bash .bin configuration file
B. The sudoers file
C. The bash .allowed configuration file
D. The sudont file

64. Which objects and subjects have a label in a MAC model?
A. Objects and subjects that are classified as Confidential, Secret, or Top Secret have a label.
B. All objects have a label, and all subjects have a compartment.
C. All objects and subjects have a label.
D. All subjects have a label and all objects have a compartment.

For questions 65–67, please refer to the following scenario and diagram:

Chris is the identity architect for a growing e-commerce website that wants to leverage social identity. To do this, he and his team intend to allow users to use their existing Google accounts as their primary accounts when using the e-commerce site. This means that when a new user initially connects to the e-commerce platform, they are given the choice between using their Google account using OAuth 2.0 or creating a new account on the platform using their own email address and a password of their choice.
