CISSP PRACTICE QUESTIONS – 20200303

Effective CISSP Questions

Your company sells toys online and ships globally. After a customer is authenticated, the client browser receives the following HTTP response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "sub": "VIP202003010001",
  "name": "Alice",
  "email": "alice@effectivecissp.com",
  "picture": "http://effectivecissp.com/i/alice.jpg"
}

If the HTTP response is encoded and rendered as a JSON Web Token (JWT) payload, which of the following layers of the ISO Open Systems Interconnection model best describes this design?
A. Application
B. Presentation
C. Session
D. Transport


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Presentation.


JSON Web Token (JWT)

  • A JWT message format comprises three parts: the header, payload, and signature.
  • The three parts are encoded separately using Base64url encoding and concatenated using periods to produce the JWT.
  • The signature is calculated by the cryptographic algorithm specified in the header, for example, HMAC-SHA256.
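
The construction described in the three points above, as an added example that is not part of the original post: it takes the JSON body from the question, encodes it as a JWT payload signed with HMAC-SHA256, and verifies the token before reading it back. The key and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample key for illustration only; not from the page.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Claims copied from the HTTP response body in the question.
CLAIMS = {
    "sub": "VIP202003010001",
    "name": "Alice",
    "email": "alice@effectivecissp.com",
    "picture": "http://effectivecissp.com/i/alice.jpg",
}

def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, the form used for each JWT part."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_jwt(claims: dict, key: bytes) -> str:
    """Encode header and payload separately, then sign 'header.payload'."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [
        b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))
        for obj in (header, claims)
    ]
    signing_input = ".".join(parts).encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(signature)])

def decode_jwt(token: str, key: bytes) -> dict:
    """Return the claims; raise ValueError if malformed, unsigned or tampered."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    msg = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(b64url_decode(signature_b64), expected):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))
```

Base64url is an encoding, not encryption: anyone holding the token can decode the payload, and only the signature protects its integrity.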

Presentation Concerns

  • The presentation layer translates, if needed, the abstract syntax defined at the application layer into its concrete syntax. The abstract syntax and concrete syntax are collectively called transfer syntax.
  • The presentation layer also deals with the common representation of the data. Encoding, formatting, encryption, and compression are typical concerns of the presentation layer.

Purpose of Presentation Layer

  • 7.2.2.1 The Presentation Layer provides for the representation of information that application-entities either communicate or refer to in their communication.
  • 7.2.2.2 The Presentation Layer provides for common representation of the data transferred between application-entities. This relieves application-entities of any concern with the problem of “common” representation of information, i.e. it provides them with syntax independence.
  • 7.2.2.3 The Presentation Layer ensures that the information content of the Application Layer data is preserved during transfer. Cooperating application-entities are responsible for determining the set of abstract syntaxes they employ in their communication. The Presentation Layer is informed of the abstract syntaxes that are to be employed. Knowing the set of abstract syntaxes to be used by the application-entities, the Presentation Layer is responsible for selecting mutually acceptable transfer syntaxes.

Source: ISO/IEC 7498-1:1994


