A software development team is concerned with the integrity of the access token received from the web site after users logging in. Which of the following is least likely considered?
A. Is the access token altered?
B. Is the web site the genuine origin of the access token?
C. Is the web site signs the access token?
D. Is the access token in transit lost?

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Is the access token in transit lost?.

According to FISMA, “integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.”

• “Is the access token altered?” is about data integrity.
• “Is the web site the genuine origin of the access token” is about authenticity.
• “Is the web site signs the access token?” is about nonrepudiation.
• “Is the access token in transit lost” is about the availability of data.

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

• It is available on Amazon.
• Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

軟體開發團隊對於用戶在登入網站後所收到的訪問令牌(access token)的完整性有疑慮。以下哪項最不可能考慮到？
A. 訪問令牌是否有被更改？
B. 登入的網站是訪問令牌的真實來源嗎？
C. 網站是否在訪問令牌上簽名？
D. 傳輸中的訪問令牌是否丟失？