A software development team is concerned with the integrity of the access token received from the web site after users log in. Which of the following is least likely to be considered?
A. Is the access token altered?
B. Is the web site the genuine origin of the access token?
C. Does the web site sign the access token?
D. Is the access token lost in transit?
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Is the access token lost in transit?
According to FISMA, “integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.”
- “Is the access token altered?” is about data integrity.
- “Is the web site the genuine origin of the access token?” is about authenticity.
- “Does the web site sign the access token?” is about nonrepudiation.
- “Is the access token lost in transit?” is about the availability of data.