Effective CISSP Questions

You are implementing zero-trust architecture to prevent lateral movement. Which of the following is least likely to be used for authentication? (Wentz QOTD)
A. Public key infrastructure.
B. Port knocking
D. 802.1X

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. XACML.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Sample XACML Implementation
Sample XACML Implementation

XACML is designed to support authorization, not authentication.

XACML stands for “eXtensible Access Control Markup Language”. The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.

Source: Wikipedia

PAPPolicy Administration PointPoint which manages access authorization policies
PDPPolicy Decision PointPoint which evaluates access requests against authorization policies before issuing access decisions
PEPPolicy Enforcement PointPoint which intercepts user’s access request to a resource, makes a decision request to the PDP to obtain the access decision
(i.e. access to the resource is approved or rejected), and acts on the received decision
PIPPolicy Information PointThe system entity that acts as a source of attribute values (i.e. a resource, subject, environment)
PRPPolicy Retrieval PointPoint where the XACML access authorization policies are stored, typically a database or the filesystem.
Source: Wikipedia

Port Knocking and Single Packet Authorization (SPA)

802.1X is designed for authentication and used in network access control, while port knocking is an authentication mechanism at the transport layer. The correct sequence of connection attempts can be treated as the secret for authentication. A firewall will dynamically allow the connection only if the port knocking sequence is correct.

In computer networkingport knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A variant called single packet authorization (SPA) exists, where only a single “knock” is needed, consisting of an encrypted packet.

Source: Wikipedia

PKI and 802.1X

The public key infrastructure (PKI) and 802.1X are commonly implemented for authentication in the context of VPN, LAN, or wireless networks.



您正在實施零信任架構以防止橫向移動。 以下哪項最不可能用於身份驗證? (Wentz QOTD)
A. 公鑰基礎設施 (PKI)
B. 敲端口 (Port knocking)
D. 802.1X

Leave a Reply