CISSP : Certified Information Systems Security Professional : Part 13

An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue?
- Require the cloud IAM provider to use declarative security instead of programmatic authentication checks
- Integrate a Web-Application Firewall (WAF) in reverse-proxy mode in front of the service provider
- Apply Transport Layer Security (TLS) to the cloud-based authentication checks
- Install an on-premise Authentication Gateway Service (AGS) in front of the service provider
Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?
- Security Assertion Markup Language (SAML)
- Service Oriented Architecture (SOA)
- Extensible Markup Language (XML)
- Wireless Authentication Protocol (WAP)
Which item below is a federated identity standard?
- 802.11i
- Kerberos
- Lightweight Directory Access Protocol (LDAP)
- Security Assertion Markup Language (SAML)
Which of the following problems is not addressed by using Open Authorization Version 2 (OAuth2) to integrate a third-party Identity Provider (IdP) for a service?
- Resource servers are required to use passwords to authenticate end users
- Revocation of access of some users of the third-party instead of all the users from the third-party
- Compromise of the third-party means compromise of all the users in the service
- Guest users need to authenticate with the third-party IdP
An organization implements a Remote Access Server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use during this authentication?
- Transport Layer Security (TLS)
- Message Digest 5 (MD5)
- Lightweight Extensible Authentication Protocol (LEAP)
- Subscriber Identity Module (SIM)
During a fingerprint verification process, which of the following is used to verify identity and authentication?
- A pressure value is compared with a stored template
- Sets of digits are matched with stored values
- A hash table is matched to a database of stored value
- A template of minutiae is compared with a stored template
In Identity Management (IdM), when is the verification stage performed?
- As part of system sign-on
- Before creation of the identity
- After revocation of the identity
- During authorization of the identity
For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?
- Access Control
- Account Management
- Authentication
- Authorization
What is the BEST way to establish identity over the Internet?
- Challenge Handshake Authentication Protocol (CHAP) and strong passwords
- Remote Authentication Dial-In User Service (RADIUS) server with hardware tokens
- Internet Message Access Protocol (IMAP) with Triple Data Encryption Standard (3DES)
- Remote user authentication via Simple Object Access Protocol (SOAP)
Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access Control System Plus (TACACS+)
- Open Authorization (OAuth)
- Security Assertion Markup Language (SAML)
The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
- Two-factor authentication (2FA)
- Single sign-on (SSO)
- User self-service
- A metadirectory
Which of the following will accomplish Multi-Factor Authentication (MFA)?
- Issuing a smart card with a user-selected Personal Identification Number (PIN)
- Requiring users to enter a Personal Identification Number (PIN) and a password
- Performing a palm and retinal scan
- Issuing a smart card and a One Time Password (OTP) token
Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
- Change management processes
- User administration procedures
- Operating System (OS) baselines
- System backup documentation
In which of the following programs is it MOST important to include the collection of security process data?
- Quarterly access reviews
- Security continuous monitoring
- Business continuity testing
- Annual security training
A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?
- Host VM monitor audit logs
- Guest OS access controls
- Host VM access controls
- Guest OS audit logs
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
- Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
- Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
- Management teams will understand the testing objectives and reputational risk to the organization
- Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
Which of the following could cause a Denial of Service (DoS) against an authentication system?
- Encryption of audit logs
- No archiving of audit logs
- Hashing of audit logs
- Remote access audit logs
Which type of test would an organization perform in order to locate and target exploitable defects?
- Penetration
- System
- Performance
- Vulnerability
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
- To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
- To validate backup sites’ effectiveness
- To find out what does not work and fix it
- To create a high level DRP awareness among Information Technology (IT) staff
When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
- Ping testing
- Mapping tools
- Asset register
- Topology diagrams

CISSP : Certified Information Systems Security Professional : All Parts
CISSP Part 01	CISSP Part 08	CISSP Part 15	CISSP Part 22
CISSP Part 02	CISSP Part 09	CISSP Part 16	CISSP Part 23
CISSP Part 03	CISSP Part 10	CISSP Part 17	CISSP Part 24
CISSP Part 04	CISSP Part 11	CISSP Part 18	CISSP Part 25
CISSP Part 05	CISSP Part 12	CISSP Part 19	CISSP Part 26
CISSP Part 06	CISSP Part 13	CISSP Part 20	CISSP Part 27
CISSP Part 07	CISSP Part 14	CISSP Part 21	CISSP Part 28

CISSP : Certified Information Systems Security Professional : All Parts
CISSP Part 01	CISSP Part 08	CISSP Part 15	CISSP Part 22
CISSP Part 02	CISSP Part 09	CISSP Part 16	CISSP Part 23
CISSP Part 03	CISSP Part 10	CISSP Part 17	CISSP Part 24
CISSP Part 04	CISSP Part 11	CISSP Part 18	CISSP Part 25
CISSP Part 05	CISSP Part 12	CISSP Part 19	CISSP Part 26
CISSP Part 06	CISSP Part 13	CISSP Part 20	CISSP Part 27
CISSP Part 07	CISSP Part 14	CISSP Part 21	CISSP Part 28

CISSP : Certified Information Systems Security Professional : Part 13

An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue?

Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Which item below is a federated identity standard?

Which of the following problems is not addressed by using Open Authorization Version 2 (OAuth2) to integrate a third-party Identity Provider (IdP) for a service?

An organization implements a Remote Access Server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use during this authentication?

During a fingerprint verification process, which of the following is used to verify identity and authentication?

In Identity Management (IdM), when is the verification stage performed?

For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?

What is the BEST way to establish identity over the Internet?

Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?

The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?

Which of the following will accomplish Multi-Factor Authentication (MFA)?

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

In which of the following programs is it MOST important to include the collection of security process data?

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Which type of test would an organization perform in order to locate and target exploitable defects?

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?