A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?
A.
It enables single sign-on (SSO) for web applications.
B.
It uses Transport Layer Security (TLS) to address confidentiality.
C.
It limits unnecessary data entry on web forms.
D.
The users' password is not passed during authentication.
SAML SSO (SINGLE SIGN-ON): SAML provides security by eliminating passwords for an app and replacing them with security tokens. Since we do not require any passwords for SAML logins, there is no risk of credentials being stolen by unauthorized users. It provides faster, easier, and trusted access to cloud applications.
https://blogs.sap.com/2017/04/13/configure-saml-sso-for-sap-cloud-platform-using-an-external-identity-provider/
You need (usually) to enter the credentials during the first steps to authenticate to the IDP
The correct answer is D. User passwords are not sent.
SAML (Security Assertion Markup Language) is a protocol that helps realize identity federation and single sign-on (SSO). The main security advantage is that the user's password is not sent to the service provider (SP) during authentication, but is instead authenticated using a token (assertion). This reduces the risk of passwords being intercepted or leaked.
Explanation for each option:
A. Enabling SSO: SAML is commonly used to realize SSO, but this question asks about the "main security advantage," and SSO has a strong aspect of improving convenience.
B. Ensuring confidentiality with TLS: TLS ensures confidentiality at the transport layer, but this is not a feature unique to SAML and can be used with other protocols.
C. Restricting unnecessary data entry: This is not a direct security advantage of SAML.
D. User passwords are not sent: Authentication is performed using a token (assertion) instead of directly exchanging passwords, reducing the risk of password leaks. This is the main security advantage of SAML.
It's understandable why some might initially think the answer is D because it highlights an important security aspect of SAML: passwords are not directly passed during authentication. However, let's clarify:
Why A (SSO) is the correct answer:
SAML’s primary purpose is to enable single sign-on (SSO). This means users can authenticate once (with an identity provider, or IdP) and access multiple web applications without repeatedly logging in.
The mechanism of not passing passwords directly is a secondary security feature of SAML, but it's not the primary reason organizations adopt SAML.
In essence, D is a feature of SAML, while A (SSO) is the overarching primary security benefit that comes with using SAML in web applications.
The actual password isn't transmitted during modern authentication, not just in single sign-on. SAML enables single sign-on, the benefit is that users only need 1 password. So the answer is A.
no wonder so many people fail cissp. So many answers are thinking too technical and closed minding saying SSO isnt a security benefit. How is users needing to remember less credentials and having less password resets not a security benefit?
While using tokens is a benefit of Saml its not the primary one. Infact SAML tokens can be targets just as much as a password, hash, or ticket can
Answer: It enables single sign-on (SSO) for web applications - 1.1 Drivers of SAML Adoption - SSO https://www.oasis-open.org/committees/download.php/20645/sstc-saml-tech-overview-2%200-draft-10.pdf
7.1 Web Browser Single Sign-On (SSO) Profiles Note that user authentication at the source site is explicitly out of scope, as are issues related to this source site authentication
https://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf
SAML's PRIMARY security benefit is the enablement of Single Sign-On (SSO) for web applications, which enhances security, user experience, and operational efficiency. While not passing the user's password during authentication is a significant security advantage, it is secondary to the core functionality of SAML, which is to facilitate SSO and provide a secure means of identity and access management.
So, the correct answer is:
A. It enables Single Sign-On (SSO) for web applications.
C. is an important aspect of SAML but it is not the PRIMARY security benefit of SAML.
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Rollizo
Highly Voted 2 years, 7 months agojackdryan
1 year, 11 months agoRollizo
2 years, 7 months agoa_kto_to
Most Recent 3 days agoBigITGuy
1 month agolifre
3 months, 2 weeks agoLexyron
3 months, 4 weeks agophorus
4 months, 2 weeks agoziyaetuk
5 months, 1 week agoJohnBentass
10 months, 2 weeks agoCCNPWILL
11 months agoTheManiac
11 months, 2 weeks agoklarak
11 months, 4 weeks agotheMech
1 year agoeboehm
1 year agoeboehm
1 year agoGuardianAngel
1 year, 2 months agoSoleandheel
1 year, 4 months agoWoo7
1 year, 2 months agoCoolCat22
1 year, 5 months agoxxxBadManxxx
1 year, 9 months ago