Your company is selling toys online and ships globally. The business has been supported by a 3-tier web system for around four years. To improve transaction performance, the database server is equipped with RAID 5 storage composed of three 1TB SSDs (solid-state drives) with 3 years of MTBF (mean time between failures) and warranty. The newly recruited system administrator is planning to replace the SSDs with new ones of higher capacity. The customer data in the database is classified as confidential. Which of the following is the best way to address this issue?
A. Consult the information system owner
B. Destroy the media to avoid disclosure of information
C. Engage the maintenance provider and exchange the SSDs for warranty or cost rebate
D. Upgrade the RAID storage to five 2TB SSDs with 5 years of MTBF
The identity of a principal is stored in the Identity Provider (IdP), which is trusted by the service providers (SPs). The SPs in turn rely on the identity information from the IdP, as they may not manage or maintain a directory of identities.
IdP-initiated SSO refers to the scenario in which the subject is authenticated by the IdP first and then gets access to the resources on the service providers.
SP-initiated SSO refers to the scenario in which an unauthenticated principal requests the resources on the service providers and is redirected to the IdP for authentication.
A subject authenticated by the IdP can roam among the SPs.
The system entities engaged in a federation manage their own directory. The identity information is mapped (not synchronized or replicated) across the directories in the federation.
A subject authenticated by any of the system entities can roam in the federation.
Your company usually holds meetings with partners, suppliers, or consultants in the meeting rooms on the 1st floor, a public workspace isolated from the internal network. However, employees need to connect their devices to the internal network for business purposes. You are evaluating VPN solutions that use multi-factor authentication (MFA) to address this issue. Which of the following authentication mechanisms best meets your requirement?
D. OIDC (OpenID Connect)
C. Smart card with the user’s private key protected by a cognitive password
D. SAML (Security Assertion Markup Language)
Identity as a Service (IDaaS) is an authentication infrastructure that is built, hosted and managed by a third-party service provider. IDaaS can be thought of as single sign-on (SSO) for the cloud.
An IDaaS for the enterprise is typically purchased as a subscription-based managed service. A cloud service provider may also host applications for a fee and provide subscribers with role-based access to specific applications or even entire virtualized desktops through a secure portal.
There are many visitors and employees holding meetings in the meeting rooms in your company. Oftentimes, they need to plug their laptops into the Ethernet ports in the meeting room or connect to the wireless access points to get access to the internet for business purposes. You are evaluating the Network Access Protection (NAP) solutions. Which of the following is the least feasible?
A. Maintain a white list for MAC filtering
B. Implement 802.1X or EAP over LAN
C. Enable DHCP snooping
D. Use VLAN to isolate traffic
Your company finished conducting an asset inventory. As the head of the sales department, you are assigned as the data owner of the customer master data, which you then classified as privacy according to the classification scheme. You are now authorizing employees to access the customer data based on their duties. Which of the following security models is most likely used to support the task?
A. Clark-Wilson Model
B. Take-Grant Model
C. Biba Model
D. Brewer and Nash Model
Both S/MIME and PGP support protecting the encryption/session key using public-key encryption. At the conceptual level, S/MIME and PGP apply. The diagram is an excerpt from Wikipedia and I think that’s why PGP is the answer.
The session key in S/MIME can be exchanged through:
Key transport by public-key encryption (supported by CA)