CISSP PRACTICE QUESTIONS – 20201229

Effective CISSP Questions

Your web application received a token from a subject, Alice@WentzWu.com, issued by a SAML-like ID provider. Which of the following is an assertion that best supports attribute-based access control?
A. Role
B. XACML
C. MaritalStatus=False
D. Alice@WentzWu.com

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. MaritalStatus=False.

An assertion is a statement about an entity or subject, usually expressed in the form of a name-value pair.

“MaritalStatus=False” is an assertion describing an entity with the attribute, MaritalStatus, with the value, False. This assertion can be used for authorization, while either the attribute (MaritalStatus) or value (False) alone is not sufficient.

  • The “role” of an entity is an attribute.
  • XACML is an XML-based protocol for authorization.
  • “Alice@WentzWu.com” is the value of the attribute, UserID or Username.
SAML Assertion

For example, a SAML assertion may carry statements about a subject as follows:

  • The subject is named “Wentz Wu.”
  • The subject has an email address of wentzwu@gmail.com.
  • The subject is a member of the “engineering” group.

The following are ISO definitions:

  • An assertion is the “sentence or proposition in logic which is asserted (or assumed) to be true.” (ISO/TS 21526:2019)
  • A claim is an “assertion of identity.” (ISO/IEC 24745:2011)

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

您的Web應用程式收到了來自基於類似SAML的ID提供者發給Alice@WentzWu.com這個主體(subject)的令牌。 以下哪個斷言(assertion)最能支持基於屬性的訪問控制(ABAC)?
A. Role
B. XACML
C. MaritalStatus=False
D. Alice@WentzWu.com

Leave a Reply