Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CSSLP Exam - Topic 4 Question 57 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 57
Topic #: 4
[All CSSLP Questions]

A number of security patterns for Web applications under the DARPA contract have been developed by Kienzle, Elder, Tyree, and Edwards-Hewitt. Which of the following patterns are applicable to aspects of authentication in Web applications?b Each correct answer represents a complete solution. Choose all that apply.

Show Suggested Answer Hide Answer
Suggested Answer: A, D, E, F

The various patterns applicable to aspects of authentication in the Web applications are as follows:

Account lockout: It implements a limit on the incorrect password attempts to protect an account from automated password-guessing

attacks.

Authenticated session: It allows a user to access more than one access-restricted Web page without re-authenticating every page. It

also integrates user authentication into the basic session model.

Password authentication: It provides protection against weak passwords, automated password-guessing attacks, and mishandling of

passwords.

Password propagation: It offers a choice by requiring that a user's authentication credentials be verified by the database before

providing access to that user's data.

Answer B and C are incorrect. Secure assertion and partitioned application patterns are applicable to

software assurance in general.


by Carma at Sep 19, 2022, 02:18 AM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Stephanie
5 months ago
Partitioned application? Not sure how that fits in here.
upvoted 0 times
...
Theresia
5 months ago
B is crucial too, can't overlook secure assertions!
upvoted 0 times
...
Nathan
6 months ago
Wait, is Password propagation really a thing? Sounds sketchy.
upvoted 0 times
...
Jina
6 months ago
I think E is also important for security.
upvoted 0 times
...
Haydee
6 months ago
Definitely A and D for authentication!
upvoted 0 times
...
Chan
6 months ago
I feel like "Password propagation" is more about managing passwords rather than authentication itself, but I could be wrong.
upvoted 0 times
...
Ressie
6 months ago
"Account lockout" seems relevant for preventing unauthorized access, but I can't recall if it directly relates to authentication.
upvoted 0 times
...
Tasia
6 months ago
I remember practicing a question about secure assertions, so I feel like "Secure assertion" might be a valid choice too.
upvoted 0 times
...
Wade
6 months ago
I think "Authenticated session" and "Password authentication" are definitely related to authentication, but I'm not sure about the others.
upvoted 0 times
...
Yaeko
6 months ago
Okay, let me see if I can break this down. Metadata is information about the data itself, not the actual content. So in an indexing scenario, the fields that describe the source, type, and timing of the data would likely be considered metadata.
upvoted 0 times
...
Ashley
6 months ago
Prospective, concurrent, and retrospective review - those sound like the types of utilization review, so I'll go with D.
upvoted 0 times
...
Vicente
6 months ago
I feel pretty confident that the Publish / Subscribe pattern is the way to go here. B2C Commerce can publish the order details, the ERP system can subscribe to those events, process the order, and then publish the order number and status back to B2C Commerce. That seems to match the requirements nicely.
upvoted 0 times
...
Bev
6 months ago
This is a good opportunity to demonstrate my understanding of OSS features. I'll methodically go through each option and evaluate whether it's correct or not.
upvoted 0 times
...
Carli
7 months ago
I remember something about these digits indicating the vendor of the network adapter. Isn't that in option D?
upvoted 0 times
...

Save Cancel