Exam CISSP topic 1 question 252 discussion

Actual exam question from ISC's CISSP
Question #: 252
Topic #: 1

Which of the following methods provides the MOST protection for user credentials?

  • A. Forms-based authentication
  • B. Self-registration
  • C. Basic authentication
  • D. Digest authentication
Suggested Answer: D

Comments

Stevooo
Highly Voted 1 year ago
Selected Answer: D
D - Digest Authentication is the best option here as it does not require the password to be transmitted. Rather, the client takes the username and password and uses the MD5 hashing algorithm to create a hash, which is then sent to the SQL Server. The given answer, Form-based authentication, is not particularly secure as the content of the user dialog box is sent as plain text, and the target server is not authenticated. This form of authentication can expose your user names and passwords unless all connections are over SSL.
upvoted 16 times
jackdryan
3 months, 4 weeks ago
D is correct
upvoted 1 times
Dee83
Most Recent 7 months, 2 weeks ago
D. Digest authentication. Digest authentication is a type of authentication that provides a secure way for users to provide their credentials to a server. Digest authentication uses a one-way hash function to encrypt the user's password and a unique value, called a nonce, generated by the server to create a digest. The digest is then sent to the server, where it can be compared to the stored hash value to verify the user's identity. Because the password is never sent in clear text, it provides a higher level of protection against eavesdropping and replay attacks compared to other forms of authentication such as Basic authentication.
upvoted 2 times
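
The digest computation these comments describe, next to what Basic authentication puts on the wire, as an added example that is not part of the original thread. It follows RFC 2617 (MD5, qop=auth) and uses that RFC's sample values; the function names are this example's own.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def client_ha1(username, realm, password):
    # HA1 = MD5(username:realm:password); the server can store this value
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 with qop=auth: response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(stored_ha1, method, uri, nonce, nc, cnonce, response):
    # The server recomputes the digest from its stored HA1 and the nonce it issued
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

def basic_header(username, password):
    # Basic auth: base64 is an encoding, not a hash or encryption
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(header):
    # What the server, or anyone reading an unencrypted request, gets back
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password

# Sample values from the worked example in RFC 2617, section 3.5
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
NC, CNONCE = "00000001", "0a4f113b"
URI = "/dir/index.html"

if __name__ == "__main__":
    ha1 = client_ha1(USER, REALM, PASSWORD)
    resp = digest_response(ha1, "GET", URI, NONCE, NC, CNONCE)
    print("digest response on the wire:", resp)
    print("accepted with issued nonce: ",
          server_verify(ha1, "GET", URI, NONCE, NC, CNONCE, resp))
    # A captured response fails once the server has issued a different nonce
    # ("constructed-fresh-nonce" is a constructed value)
    print("accepted with fresh nonce:  ",
          server_verify(ha1, "GET", URI, "constructed-fresh-nonce", NC, CNONCE, resp))
    print("basic header decodes to:    ",
          parse_basic_header(basic_header(USER, PASSWORD)))
```
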
BP_lobster
9 months, 4 weeks ago
Selected Answer: D
In general, Digest Authentication is preferred to Basic Authentication. HOWEVER, if HTTPS is used, Basic Authentication is often preferred (i.e., the order of preference is: 1. Basic Authentication + TLS, 2. Digest Authentication, 3. Basic Authentication alone (worst option)).
upvoted 1 times
Yanjun
12 months ago
If the precondition is HTTP, not HTTPS, Digest Authentication is the best option.
upvoted 2 times
GregP
12 months ago
Forms-based is sort of OK if the form itself is SSL/TLS, but not great otherwise. D for me.
upvoted 2 times
ygc
12 months ago
Should be A; B, C, and D are not related to the user credentials.
upvoted 1 times
kdkdk
1 year ago
I choose D
upvoted 4 times