
ISC2 ISSAP Exam - Topic 3 Question 73 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 73
Topic #: 3

Which of the following password authentication schemes enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to multiple computers in the domain without being prompted to log in again?

Suggested Answer: A

password to each application. In SSO, a user can access all computer applications and systems where he has access permission without entering multiple passwords. This reduces human error and systems failure and is therefore highly desirable. There are many commercial SSO solutions available in the market. Some of them are as follows:

Central Authentication Service (CAS)

The Dutch NREN

CoSign

Enterprise Single Sign-On (E-SSO)

Web Single Sign-On (Web SSO)

Security Assertion Markup Language (SAML)

Direct SSO

Shibboleth

Answer option B is incorrect. A one-time password (OTP) is a password that is valid for only a single login session or transaction. OTP avoids a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTP is that OTP is not vulnerable to replay attacks. If a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he will not be able to abuse it since it will no longer be valid.

Answer option D is incorrect. Kerberos is a secure protocol that supports ticketing authentication. A ticket is granted in response to a client computer authentication request by the Kerberos authentication server, if the request contains valid user credentials and a valid Service Principal Name (SPN). The ticket is then used by the client computer to access network resources. To enable Kerberos authentication, the client and server computers must have a trusted connection to the domain Key Distribution Center (KDC). The task of the KDC is to distribute shared secret keys to enable encryption.

Answer option C is incorrect. In the dynamic password authentication scheme, passwords are changed after a specified time or time interval.


Rosendo
3 months ago
Wait, are we sure about A? Sounds too easy.
upvoted 0 times
...
Shonda
3 months ago
Agreed, A is the best choice here!
upvoted 0 times
...
Launa
4 months ago
A seems right, but can it really be that simple?
upvoted 0 times
...
Avery
4 months ago
I thought it was D, Kerberos. Seems more secure.
upvoted 0 times
...
Arlette
4 months ago
Definitely A, Single Sign-On is the way to go!
upvoted 0 times
...
Marya
4 months ago
I feel like Single Sign-On is the right choice, but I also recall something about dynamic authentication. I hope I’m not mixing them up!
upvoted 0 times
...
Justine
4 months ago
One-time password seems off for this question since it usually requires a new password for each login.
upvoted 0 times
...
Mitsue
5 months ago
I remember discussing Kerberos in class, but I’m not clear if it fits the description of logging in once for multiple accesses.
upvoted 0 times
...
Owen
5 months ago
I think the answer might be Single Sign-On, but I'm not entirely sure. It sounds familiar from our practice questions.
upvoted 0 times
...
Daniel
5 months ago
Okay, I've got this. The key here is the phrase "single sign-on." That's the term used to describe the ability to log in once and then access multiple systems. So the answer has to be A, Single Sign-On. I'm confident that's the right choice.
upvoted 0 times
...
Estrella
5 months ago
I'm a bit confused by the wording of this question. Can someone clarify what exactly they mean by "a user with a domain account"? Does that mean a corporate network account or something else? I want to make sure I understand the context before I choose an answer.
upvoted 0 times
...
Laurel
5 months ago
Ah, I know this one! The answer is Kerberos. Kerberos is a network authentication protocol that enables a user to log in once and then access multiple computers on the network without having to enter their password again. It's a common single sign-on solution.
upvoted 0 times
...
Raina
5 months ago
Hmm, this is a tricky one. I'm not totally sure about the differences between these password authentication schemes. I'll have to think it through carefully and review my notes before selecting an answer.
upvoted 0 times
...
Herminia
5 months ago
I think this is asking about a password authentication scheme that allows a user to log in once and then access multiple computers without having to log in again. The options mention single sign-on, one-time password, and Kerberos - I'm pretty sure the answer is single sign-on.
upvoted 0 times
...
Belen
5 months ago
Hmm, this looks like a tricky one. I'll need to carefully review the error message and the possible solutions to make sure I understand what's going on.
upvoted 0 times
...
Edmond
5 months ago
Hmm, I'm a bit confused about the difference between static and dynamic testing. Let me think through this carefully.
upvoted 0 times
...
Veda
5 months ago
I'm a bit confused on this one. The state diagram doesn't seem directly relevant to representing the analysis boundary, so I'm leaning more towards the context diagram or data flow diagram as the best options.
upvoted 0 times
...