Page418
- What is an XML-based framework for exchanging security information, including authentication data?
A. Kerberos
B. OpenID
C. SAML
D. TACACS
Correct Answer and Explanation: C. Answer C is correct; SAML is an XML-based framework for exchanging security information, including authentication data.
Incorrect Answers and Explanations: A, B, and D. Answers A, B, and D are incorrect. Kerberos is a third-party authentication service that may be used to support Single Sign-On. OpenID is a framework for exchanging authentication data, but is not XML-based. TACACS is a centralized access control system that requires users to send an ID and static (reusable) password for authentication.
- Which authentication protocol leverages tokens for communicating identity information details?
A. OAuth
B. OIDC
C. SAML
D. Kerberos
Correct Answer and Explanation: B. Answer B is correct; OpenID Connect (OIDC) is an identity layer on top of OAuth 2.0 that communicates the authenticated user's identity in an ID token (a signed JWT), and it is characterized as an authentication protocol.
Incorrect Answers and Explanations: A, C, and D. Answers A, C, and D are incorrect. OAuth 2.0 does employ tokens (access tokens), but it is an authorization framework rather than an authentication protocol. SAML and Kerberos could both be considered authentication protocols, but neither employs tokens to communicate identity information: SAML employs assertions, while Kerberos functions via tickets.
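The token the OIDC answer refers to is the ID token, and the relying party must check more than its signature. The following is an added example, not code from the original page: it mints a minimal ID token and then validates the claims OIDC Core requires a relying party to check (issuer, audience, expiry, nonce). It uses HS256 with a shared secret purely so it runs stand-alone; a real OpenID Provider signs ID tokens with an asymmetric key (typically RS256) published via its JWKS endpoint. The issuer URL, client_id, subject and secret are constructed placeholders.

```python
"""Mint and verify a minimal OpenID Connect ID token (JWT) offline.

Added illustration for the OIDC question above; not code from the original
page. HS256 with a shared secret is used only so the demo is self-contained;
production OPs use asymmetric signatures (e.g. RS256) with keys from JWKS.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"demo-shared-secret"          # constructed; never hard-code in practice
ISSUER = "https://op.example.test"      # constructed issuer URL
CLIENT_ID = "rp-client-123"             # constructed relying-party client_id


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(sub: str, nonce: str, now: int, ttl: int = 300) -> str:
    """Build header.payload.signature the way an OP would (HS256 for the demo)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID,
               "iat": now, "exp": now + ttl, "nonce": nonce}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_id_token(token: str, expected_nonce: str, now: int) -> dict:
    """Validate the signature and the claims an RP must check; raise ValueError on failure."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (alg=none / key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if not (aud == CLIENT_ID or (isinstance(aud, list) and CLIENT_ID in aud)):
        raise ValueError("token not intended for this client")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:        # ties the token to this login attempt
        raise ValueError("nonce mismatch (replay?)")
    return claims


def check(token: str, expected_nonce: str, now: int) -> str:
    """'ok' if the token validates, otherwise the reason it was rejected."""
    try:
        verify_id_token(token, expected_nonce, now)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    t = int(time.time())
    tok = mint_id_token("user-42", "n-abc", t)
    print(check(tok, "n-abc", t + 10), check(tok, "n-other", t + 10))
```

The order matters: the signature is checked before any claim is trusted, and the `nonce` check is what separates an ID token (bound to one authentication request) from a bare OAuth access token.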
- Server A trusts server B. Server B trusts Server C. Server A therefore trusts server C. What term describes this trust relationship?
A. Domain trust
B. Forest trust
C. Non-transitive trust
D. Transitive Trust
Correct Answer and Explanation: D. Answer D is correct; in a transitive trust, trust extends beyond the two direct partners to each partner's own trusted parties. If A trusts B and the trust is transitive, A also trusts B's trust partners, so A trusts C.
Incorrect Answers and Explanations: A, B, and C. Answers A, B, and C are incorrect. Domain trust and forest trust are less specific terms that describe the scope of a trust, not whether it flows onward; they are not required to be transitive. Non-transitive trust is the opposite of transitive trust: it applies only to the two direct partners and does not extend to their other partners.
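The practical consequence of transitivity is reach: one transitive edge can pull in parties the truster never configured. The following added example (not code from the original page; the party names and trust edges are constructed) computes who ends up trusted from a set of direct trusts, honouring non-transitive edges only for the party that configured them, and gives the inverse view a responder wants when a trusted party is compromised.

```python
"""Which parties end up trusted when trusts are transitive vs non-transitive.

Added illustration for the trust question above; not code from the original
page. The party names and trust edges are constructed.
"""
from collections import deque

# truster -> {trusted party: is_transitive}. A non-transitive edge is honoured
# only by the party that configured it and is never followed on behalf of
# anyone upstream.
DIRECT_TRUSTS = {
    "A": {"B": True},                 # A trusts B (transitive), as in the question
    "B": {"C": True, "D": False},     # B trusts C (transitive) and D (non-transitive)
    "C": {},
    "D": {},
}


def trusted_by(truster: str, trusts: dict) -> set:
    """Every party `truster` trusts, directly or through transitive chains."""
    result = set()
    queue = deque()
    for partner, transitive in trusts.get(truster, {}).items():
        result.add(partner)          # a direct partner is always trusted
        if transitive:
            queue.append(partner)    # ...and its own trusts are inherited
    seen = {truster} | set(queue)
    while queue:
        node = queue.popleft()
        for partner, transitive in trusts.get(node, {}).items():
            # Beyond the first hop, every link on the chain must be transitive.
            if transitive and partner not in seen:
                seen.add(partner)
                result.add(partner)
                queue.append(partner)
    return result


def who_trusts(target: str, trusts: dict) -> set:
    """Inverse view: if `target` is compromised, whose authentication decisions
    now rest on it? Every party that trusts it, directly or transitively."""
    return {p for p in trusts if target in trusted_by(p, trusts)}


if __name__ == "__main__":
    for party in sorted(DIRECT_TRUSTS):
        print(party, "trusts", sorted(trusted_by(party, DIRECT_TRUSTS)))
    print("compromise of C affects", sorted(who_trusts("C", DIRECT_TRUSTS)))
```

With these edges A trusts B and C but not D, because B's trust in D is non-transitive; B trusts both C and D. Compromising C therefore exposes A as well as B, which is exactly the blast-radius question to ask before adding a transitive trust.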
- A policy that states a user must have a business requirement to view data before attempting to do so is an example of enforcing what?
A. Least privilege
B. Need to know
C. Rotation of duties
D. Separation of duties
Correct Answer and Explanation: B. Answer B is correct; need to know means the user must have a need (requirement) to access a specific object before doing so.
Incorrect Answers and Explanations: A, C, and D. Answers A, C, and D are incorrect. Least privilege is less granular than need to know: users have the least amount of privilege to do their jobs, but objects are still typically grouped together (such as allowing access to all backup tapes for a backup administrator). Separation of duties is designed to divide sensitive tasks among multiple subjects. Rotation of duties is designed to mitigate collusion.
- What technique would raise the False Accept Rate (FAR) and lower the False Reject Rate (FRR) in a fingerprint scanning system?
A. Decrease the amount of minutiae that is verified
B. Increase the amount of minutiae that is verified
C. Lengthen the enrollment time
D. Lower the throughput time
Correct Answer and Explanation: A. Answer A is correct; decreasing the number of minutiae that must match loosens the matching threshold. More impostor prints clear the bar, raising the FAR, while fewer legitimate users are turned away, lowering the FRR.
Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Increasing the number of minutiae verified tightens the threshold, raising the FRR and lowering the FAR. Enrollment time and throughput time are usability measures that are not directly connected to FAR and FRR.
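The FAR/FRR trade-off is easiest to see as a threshold sweep over match scores. The following added example (not code from the original page) uses constructed scores, the number of minutiae that agreed in each genuine and impostor comparison, and computes FAR and FRR for each minimum-minutiae setting, plus the threshold where the two rates cross (the Crossover Error Rate point). The scores are made up to make the trade-off visible, not real sensor data.

```python
"""FAR/FRR trade-off as the fingerprint matcher's threshold moves.

Added illustration for the biometric question above; not code from the
original page. The match scores (minutiae agreed per comparison) are
constructed, not real sensor data.
"""

GENUINE_SCORES = [14, 16, 18, 12, 20, 17, 15, 13, 19, 11]   # same finger, enrolled vs live
IMPOSTOR_SCORES = [3, 6, 9, 4, 12, 7, 5, 13, 8, 10]          # different fingers


def far(threshold: int, impostor=IMPOSTOR_SCORES) -> float:
    """False Accept Rate: share of impostor comparisons that reach the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: int, genuine=GENUINE_SCORES) -> float:
    """False Reject Rate: share of genuine comparisons that fall short of it."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """(threshold, FAR, FRR) for each candidate minimum-minutiae setting."""
    return [(t, far(t, impostor), frr(t, genuine)) for t in thresholds]


def crossover_threshold(thresholds, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES) -> int:
    """Threshold where FAR and FRR are closest: the Crossover Error Rate (CER) point,
    the usual single-number accuracy figure for a biometric system."""
    return min(thresholds, key=lambda t: abs(far(t, impostor) - frr(t, genuine)))


if __name__ == "__main__":
    for t, a, r in sweep(range(8, 17)):
        print(f"min minutiae {t:2d}: FAR={a:.1f} FRR={r:.1f}")
    print("CER near threshold", crossover_threshold(range(8, 17)))
```

Dropping the required minutiae from 14 to 12 on this data moves FAR from 0.0 to 0.2 and FRR from 0.3 to 0.1, which is the question's answer in numbers; tuning is a choice of where on this curve to sit, not a way to lower both rates at once.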