
Exam CISSP topic 1 question 413 discussion

Actual exam question from ISC's CISSP
Question #: 413
Topic #: 1

Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect access to privileged information using OpenID Connect (OIDC) token or Security Assertion Markup Language (SAML) assertion. What is the BEST method to use to protect them?

  • A. Pass data in a bearer assertion, only signed by the identity provider.
  • B. Tokens and assertion should use base64 encoding to assure confidentiality.
  • C. Use a challenge and response mechanism such as Challenge Handshake Authentication Protocol (CHAP).
  • D. The access token or assertion should be encrypted to ensure privacy.
Suggested Answer: D 🗳️

Comments

Soleandheel
11 months, 2 weeks ago
D. The access token or assertion should be encrypted to ensure privacy. Encrypting the access token or assertion helps ensure the confidentiality and privacy of the data being transmitted. This is especially important when dealing with sensitive information, such as privileged access to systems or resources. Encryption ensures that only authorized parties can decrypt and access the data, protecting it from eavesdropping and unauthorized disclosure.
upvoted 2 times
mccoy
1 year, 8 months ago
D. The access token or assertion should be encrypted to ensure privacy. To protect access to privileged information, it is important to ensure that the authorization mechanisms are secure and that sensitive data, such as OpenID Connect (OIDC) tokens or Security Assertion Markup Language (SAML) assertions, are not accessible to unauthorized users. Encryption is the best method to protect sensitive data, ensuring that it remains private and confidential. By encrypting the access token or assertion, only authorized parties with the appropriate decryption keys will be able to read and access the data. Passing data in a bearer assertion, only signed by the identity provider (option A) may be secure to some extent, but it does not provide the same level of confidentiality as encryption. Similarly, base64 encoding (option B) is not encryption, and the encoded data can be easily decoded by anyone with access to the encoding algorithm. Using a challenge and response mechanism (option C) may provide authentication, but it does not ensure the privacy and confidentiality of the data being transmitted. (chatGPT)
upvoted 3 times
jackdryan
1 year, 6 months ago
Going with D
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other