CISSP PRACTICE QUESTIONS – 20191213

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. A team in-house is in charge of developing a web-based E-Commerce system that supports the new business. The team is evaluating the authentication solution. Which of the following is the least feasible?
A. Use the ‘Basic’ HTTP authentication encoded with Base64 but not encrypted
B. Use HTTP Digest access authentication that relies on browser implementation
C. Implement Kerberos to protect passwords and facilitate single sign-on (SSO)
D. Develop a proprietary mechanism by sending an HTML form via HTTP POST in clear text


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Implement Kerberos to protect passwords and facilitate single sign-on (SSO).

  • The ‘Basic’ HTTP authentication is defined in RFC 7617.
  • The HTTP Digest access authentication is defined in RFC 7616.
  • HTTP+HTML form-based authentication is the most common way to authenticate web users today. Most web applications craft their own login form in HTML and send the credentials (via HTTP POST or GET) to the web server for authentication.
  • Kerberos requires security domains, trusts, cryptography, and so forth. It works primarily in LAN settings and is not well suited to browsers, which natively support HTML, HTTP, and HTTPS. Besides, most Kerberos implementations rely on Remote Procedure Call (RPC), which firewalls typically block. As a result, Kerberos is the least feasible option for authenticating internet users.
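As an added example (not from the original post), here is a small Python sketch of the two standardized schemes named in options A and B: RFC 7617 Basic, whose header anyone observing unencrypted HTTP can decode back to the password, and RFC 7616 Digest, where only a hash crosses the wire and the server verifies it against a stored HA1. All names and sample values below are constructed for the demo.

```python
import base64
import hashlib
import hmac

# Constructed demo values (not from the page). A real server picks a fresh nonce per challenge.
USER, PASSWORD = "alice", "t0y-st0re!"
REALM, NONCE = "toys@example.com", "dcd98b7102dd2f0e8b11d0f600bfb0c093"
METHOD, URI = "GET", "/checkout"

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def basic_header(user: str, password: str) -> str:
    """RFC 7617 'Basic': user:password is only Base64-encoded, not encrypted."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def decode_basic(header: str) -> tuple:
    """Recovers the credentials; any party that sees the plain-HTTP request can do this."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def digest_response(ha1: str, nonce: str, nc: str, cnonce: str, method: str, uri: str) -> str:
    """RFC 7616 response with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def digest_header(user, password, realm, nonce, method, uri, cnonce="0a4f113b", nc="00000001"):
    """Client side: the password only feeds HA1 = MD5(user:realm:password) and never leaves the client."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    resp = digest_response(ha1, nonce, nc, cnonce, method, uri)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')

def parse_digest(header: str) -> dict:
    """Minimal parser for the comma-separated key=value fields emitted above."""
    fields = {}
    for part in header[len("Digest "):].split(", "):
        k, _, v = part.partition("=")
        fields[k] = v.strip('"')
    return fields

def server_verify(header: str, stored_ha1_by_user: dict, realm: str, nonce: str, method: str) -> bool:
    """Server side: recompute from the stored HA1 (no cleartext password kept) and compare in constant time."""
    f = parse_digest(header)
    if f.get("realm") != realm or f.get("nonce") != nonce:
        return False  # wrong realm or a stale/replayed nonce
    ha1 = stored_ha1_by_user.get(f.get("username"))
    if ha1 is None:
        return False
    expected = digest_response(ha1, nonce, f["nc"], f["cnonce"], method, f["uri"])
    return hmac.compare_digest(expected, f["response"])
```

Both schemes still need TLS in practice: Basic because the password is trivially recoverable, Digest because MD5-based responses remain exposed to offline guessing and do not protect the rest of the session.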
