Effective CISSP Questions

A new business partner is applying for a VPN account at your company to work remotely. However, the password settings for partners are the same as those for employees. As a security professional, you consider the risk to be higher for remote partners than for internal workers, and the system administrator should provision password settings at a stricter and more fine-grained level. The system administrator created a new account, generated a random password, and texted the partner a URL on his mobile phone to activate the account. Which of the following should be considered most in terms of the provisioning process?
A. Identity Assurance Levels (IAL)
B. Authenticator Assurance Levels (AAL)
C. Federation Assurance Levels (FAL)
D. Evaluation Assurance Levels (EAL)


SAML Web Browser SSO (IdP-Initiated)

Broadly speaking, there are two scenarios in the Web Browser SSO Profile: IdP-initiated SSO and SP-initiated SSO. In the IdP-initiated case the user authenticates at the identity provider first and picks a service provider there; no AuthnRequest is ever sent, so the IdP delivers an unsolicited Response (one with no InResponseTo) to the SP's Assertion Consumer Service, usually over the HTTP POST binding. This diagram introduces the message flows of the IdP-initiated SSO.

Assertions carry three kinds of statements:

  1. Authentication statements
  2. Attribute statements
  3. Authorization decision statements

Protocols (the request/response message exchanges):

  1. Authentication Request Protocol
  2. Single Logout Protocol
  3. Assertion Query and Request Protocol
  4. Artifact Resolution Protocol
  5. Name Identifier Management Protocol
  6. Name Identifier Mapping Protocol

Bindings (how protocol messages are carried over a transport such as HTTP or SOAP):

  1. HTTP Redirect Binding
  2. HTTP POST Binding
  3. HTTP Artifact Binding
  4. SAML SOAP Binding
  5. Reverse SOAP (PAOS) Binding
  6. SAML URI Binding

Profiles (how assertions, protocols and bindings are combined for a use case):

  • Web Browser SSO Profile
  • Enhanced Client and Proxy (ECP) Profile
  • Identity Provider Discovery Profile
  • Single Logout Profile
  • Others
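The IdP-initiated flow above, simulated end to end as an added example that is not part of the original page: the IdP issues an unsolicited Response carrying an authentication statement and an attribute statement, packages it as the form fields of the HTTP POST binding, and the SP's Assertion Consumer Service validates it. The entity IDs, URLs, user and key are assumptions. A real IdP signs the Response/Assertion with XML-DSig using the certificate published in its metadata; the HMAC here stands in for that so the block runs with the standard library alone, but the order of checks on the SP side is the one that matters.

```python
import base64
import hashlib
import hmac
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP_ENTITY_ID = "https://idp.example.com/metadata"  # assumed identifiers
SP_ENTITY_ID = "https://sp.example.net/metadata"
SP_ACS_URL = "https://sp.example.net/saml/acs"
SIGNING_KEY = b"stand-in-for-the-idp-signing-key"   # assumed; HMAC stands in for XML-DSig

def _stamp(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def idp_build_response(user, role, now=None):
    """IdP side: the user has already authenticated at the IdP and chosen the
    SP, so the IdP issues an unsolicited <Response> (no InResponseTo) and
    packages it as the form fields of the HTTP POST binding."""
    now = now or datetime.now(timezone.utc)
    expiry = _stamp(now + timedelta(minutes=5))
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_{uuid.uuid4().hex}"
  Version="2.0" IssueInstant="{_stamp(now)}" Destination="{SP_ACS_URL}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{_stamp(now)}">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">{user}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" NotOnOrAfter="{expiry}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="{_stamp(now - timedelta(minutes=1))}" NotOnOrAfter="{expiry}">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="{_stamp(now)}">
      <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="role"><saml:AttributeValue>{role}</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
    raw = xml.encode()
    return {"SAMLResponse": base64.b64encode(raw).decode(),
            "Signature": hmac.new(SIGNING_KEY, raw, hashlib.sha256).hexdigest(),
            "RelayState": "/dashboard"}  # where the SP sends the browser afterwards

def sp_consume(form, seen_ids, allow_unsolicited=True, now=None):
    """SP side (Assertion Consumer Service): validate the posted Response and
    return (subject, attributes). Every failed check raises ValueError."""
    now = now or datetime.now(timezone.utc)
    raw = base64.b64decode(form["SAMLResponse"])
    # 1. Verify the signature before trusting any parsed field.
    expected = hmac.new(SIGNING_KEY, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, form.get("Signature", "")):
        raise ValueError("bad signature")
    resp = ET.fromstring(raw)
    # 2. No InResponseTo means an unsolicited (IdP-initiated) response; the SP
    #    must decide explicitly whether it accepts those at all.
    if resp.get("InResponseTo") is None and not allow_unsolicited:
        raise ValueError("unsolicited response rejected by policy")
    if resp.get("Destination") != SP_ACS_URL:
        raise ValueError("Destination is not this ACS")
    if resp.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("untrusted Issuer")
    status = resp.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    if not status.endswith(":Success"):
        raise ValueError("status " + status)
    a = resp.find("saml:Assertion", NS)
    # 3. Replay: a bearer assertion is accepted at most once.
    if a.get("ID") in seen_ids:
        raise ValueError("replayed assertion")
    # 4. Audience, Recipient and the validity window bind the assertion to this SP and this moment.
    if a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        raise ValueError("Audience is not this SP")
    cond = a.find("saml:Conditions", NS)
    if not _parse(cond.get("NotBefore")) <= now < _parse(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd.get("Recipient") != SP_ACS_URL or now >= _parse(scd.get("NotOnOrAfter")):
        raise ValueError("SubjectConfirmationData rejected")
    seen_ids.add(a.get("ID"))
    subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {at.get("Name"): at.findtext("saml:AttributeValue", namespaces=NS)
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return subject, attrs

if __name__ == "__main__":
    form = idp_build_response("partner@example.org", "partner")  # constructed sample
    print(sp_consume(form, set()))
```

The `allow_unsolicited` switch is the practical difference between the two scenarios: an SP that only ever expects SP-initiated SSO should reject responses without an InResponseTo, because an unsolicited response is exactly what an attacker would post to a victim's browser to log it into the attacker's account (login CSRF). The `seen_ids` set is the minimum replay cache; in production it has to be shared across SP nodes and only needs to retain IDs until their NotOnOrAfter.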

Fine-Grained Password Policy (FGPP)


Fine-grained password policy (FGPP) is specific to Microsoft Active Directory. The password and account lockout settings in a group policy object (GPO) apply to domain accounts only when the GPO is linked at the domain level; a GPO linked to an organizational unit (OU) changes those settings only for the local accounts on the computers in that OU. So with group policy alone you cannot give different departments or groups of domain users different password settings. That is why FGPP exists. Starting with the Windows Server 2008 domain functional level, administrators create Password Settings Objects (PSOs) in the Password Settings Container and apply them to individual users or to global security groups (not to OUs), which lets stricter settings be provisioned at a finer granularity, for example for remote partners, than the single domain-wide policy allows. When several PSOs apply to one user, the one with the lowest precedence value wins, and the resultant policy for any user can be checked directly.
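Provisioning a stricter policy for remote partners in PowerShell, as an added example that is not from the original page. The PSO name "Partners-PSO", the group "VPN-Partners", the account "partner01" and the OU path are assumptions; the cmdlets are the standard ActiveDirectory module (RSAT) ones and must run as a Domain Admin.

```powershell
# Added example (not from the original page). Names and the OU path are assumptions.
Import-Module ActiveDirectory

# PSOs require the Windows Server 2008 domain functional level or higher.
(Get-ADDomain).DomainMode

# The domain-wide baseline that a GPO sets: what everyone else gets.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, ComplexityEnabled, LockoutThreshold, MaxPasswordAge

# Stricter settings for remote partners. A lower Precedence value wins when
# several PSOs apply to the same user.
New-ADFineGrainedPasswordPolicy -Name "Partners-PSO" -Precedence 10 `
    -MinPasswordLength 16 -ComplexityEnabled $true `
    -PasswordHistoryCount 24 -MinPasswordAge "1.00:00:00" -MaxPasswordAge "60.00:00:00" `
    -LockoutThreshold 5 -LockoutObservationWindow "00:30:00" -LockoutDuration "00:30:00" `
    -ReversibleEncryptionEnabled $false

# PSOs apply to users and global security groups, not OUs: put partner
# accounts in a global group and target the group.
New-ADGroup -Name "VPN-Partners" -GroupScope Global -GroupCategory Security `
    -Path "OU=Partners,DC=corp,DC=example"   # assumed OU path
Add-ADGroupMember -Identity "VPN-Partners" -Members "partner01"
Add-ADFineGrainedPasswordPolicySubject -Identity "Partners-PSO" -Subjects "VPN-Partners"

# Verify which policy actually applies to the partner account.
Get-ADUserResultantPasswordPolicy -Identity "partner01"
```

The last line is the check worth keeping in the runbook: if it returns the default domain policy instead of Partners-PSO, the account is not in the targeted group or a PSO with a lower precedence value is winning.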