ISC2 CISSP Quiz 11 Topic 5 Questions 51-55

Question: 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

AThe organization enforces the rules to other organization's user provisioning

BThe organization establishes a trust relationship with the other organizations

CThe organization defines internal standard for overall user identification

DThe organization specifies alone how to authenticate other organization's users

Show Answer

Question: 2

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 3

Which of the following is a characteristic of a challenge/respones authentication process?

APresenting distorted graphics of text for authentication

BTransmitting a hash based on the user's password

CUsing a password history blacklist

DRequiring the use of non-consecutive numeric characters

Show Answer

Question: 4

What balance MUST be considered when web application developers determine how information application error message should be constructed?

ARisk versus benefit

BAvailability versus auditability

CPerformance versus user satisfaction

DConfidentially versus integrity

Show Answer

Question: 5

In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin'

ADevelopment/Acquisition

BInitiation

CImplementation/ Assessment

DDisposal

Show Answer

ISC2 CISSP Quiz:11 Topic:5 Questions:51-55