Effective CISSP Questions

Which of the following doesn’t support the single sign-on (SSO) feature? (Wentz QOTD)
A. Credential Management Systems
B. Kerberos
C. Scripted access or logon scripts
D. Identity Federation

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Credential Management Systems.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Single Sign-On

Single sign-on (SSO) is a software feature that allows users to log in once and access services across various systems without re-entering authentication data. A user may enjoy the benefits of single sign-on using one and only one account (integrated identity) among homogeneous systems or multiple accounts (federated identity) across heterogeneous systems. In an environment where identities cannot be integrated or federated, logon scripts may automate the logon process to provide the single sign-on feature.

General Identity Federation Use Case

Kerberos Operation (Source: Fulvio Ricciardi)

Credential Management System (CMS)

A credential binds an authenticator to an identifier. (CISSP CBK, 6th edition) A credential management system can be as simple as a password manager or as complicated as the registration authority (RA) or certificate authority (CA) in public key infrastructure.

“A CMS should support processes needed to enroll users, proof the identities they claim, issue credentials to verified users, and support management and oversight of existing credentials.” (CISSP CBK, 6th edition)

Entity, Attribute, and Identity
  • Identity: An attribute or set of attributes that uniquely describes a subject within a given context.
  • Identifier: Unique data used to represent a person’s identity and associated attributes. A name and a card number are examples of identifiers.
  • Authenticator: The means used to confirm the identity of a user, process, or device (e.g., user password or token).
  • Credential: Evidence or testimonials that support a claim of identity or assertion of an attribute and usually are intended to be used more than once. (CNSSI 4009-2015)


