CISSP PRACTICE QUESTIONS – 20200302

Your company sells toys online and ships globally. After a customer is authenticated, the client browser receives the following HTTP response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "sub": "VIP202003010001",
  "name": "Alice",
  "email": "alice@effectivecissp.com",
  "picture": "http://effectivecissp.com/i/alice.jpg"
}

Which of the following best describes the protocol or standard the website supports?
A. Federated Identity Management (FIM)
B. Security Assertion Markup Language (SAML)
C. OIDC (OpenID Connect)
D. SSO (Single Sign-On)


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. OIDC (OpenID Connect).

SAML is an XML-based protocol, while OIDC is JSON-based. The HTTP response is an OIDC ID Token composed of claims (assertions) in JSON format.

Federated Identity Management (FIM) and SSO (Single Sign-On) are concepts or features; they are not protocols or standards. Both OIDC and SAML support SSO and Federated Identity Management (FIM).
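An added example, not part of the original post: a client-side check a relying party could run over a JSON claims set like the one in the question before trusting it. The function name, the `expected_sub` parameter (the subject identifier the client already holds for the session) and the embedded sample are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the response from the question, with straight quotes.
SAMPLE_HEADERS = {"Content-Type": "application/json"}
SAMPLE_BODY = """{
  "sub": "VIP202003010001",
  "name": "Alice",
  "email": "alice@effectivecissp.com",
  "picture": "http://effectivecissp.com/i/alice.jpg"
}"""


def check_claims_response(headers, body, expected_sub):
    """Return (claims, findings) for a JSON claims response.

    expected_sub is an assumption of this example: the subject identifier
    the client already holds for the authenticated session.
    """
    findings = []
    media_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        findings.append("unexpected Content-Type: %r" % media_type)
    try:
        claims = json.loads(body)
    except ValueError:
        return None, findings + ["body is not valid JSON"]
    if not isinstance(claims, dict):
        return None, findings + ["claims set is not a JSON object"]

    # OIDC identifies the user by "sub"; name and email are not guaranteed
    # to be unique or stable, so they must not be used as the account key.
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        findings.append("missing or empty 'sub' claim")
    elif sub != expected_sub:
        findings.append("'sub' does not match the authenticated subject")

    # Claims carrying URLs should not be fetched over cleartext HTTP.
    picture = claims.get("picture")
    if picture is not None and urlparse(str(picture)).scheme != "https":
        findings.append("'picture' URL is not https")
    return claims, findings
```

Run against the sample, the only finding is the cleartext `picture` URL; a different `expected_sub` adds a subject-mismatch finding.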
