Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam CISSP topic 1 question 273 discussion

Actual exam question from ISC's CISSP
Question #: 273
Topic #: 1
[All CISSP Questions]

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language
(SAML). What is the PRIMARY security benefit in switching to SAML?

  • A. It enables single sign-on (SSO) for web applications.
  • B. It uses Transport Layer Security (TLS) to address confidentiality.
  • C. It limits unnecessary data entry on web forms.
  • D. The users' password is not passed during authentication.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Rollizo
Highly Voted 1 year, 5 months ago
Selected Answer: A
SAML SSO (SINGLE SIGN-ON): SAML provides security by eliminating passwords for an app and replacing them with security tokens. Since we do not require any passwords for SAML logins, there is no risk of credentials being stolen by unauthorized users. It provides faster, easier, and trusted access to cloud applications.
upvoted 9 times
jackdryan
10 months, 2 weeks ago
D is correct
upvoted 1 times
...
Rollizo
1 year, 5 months ago
https://blogs.sap.com/2017/04/13/configure-saml-sso-for-sap-cloud-platform-using-an-external-identity-provider/ You need (usually) to enter the credentials during the first steps to authenticate to the IDP
upvoted 2 times
...
...
GuardianAngel
Most Recent 1 month, 2 weeks ago
Answer: It enables single sign-on (SSO) for web applications - 1.1 Drivers of SAML Adoption - SSO https://www.oasis-open.org/committees/download.php/20645/sstc-saml-tech-overview-2%200-draft-10.pdf 7.1 Web Browser Single Sign-On (SSO) Profiles Note that user authentication at the source site is explicitly out of scope, as are issues related to this source site authentication https://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf
upvoted 1 times
...
Soleandheel
3 months, 2 weeks ago
SAML's PRIMARY security benefit is the enablement of Single Sign-On (SSO) for web applications, which enhances security, user experience, and operational efficiency. While not passing the user's password during authentication is a significant security advantage, it is secondary to the core functionality of SAML, which is to facilitate SSO and provide a secure means of identity and access management. So, the correct answer is: A. It enables Single Sign-On (SSO) for web applications. C. is an important aspect of SAML but it is not the PRIMARY security benefit of SAML.
upvoted 1 times
Woo7
1 month, 3 weeks ago
agreed, primary benefit is the same as the primary goal
upvoted 1 times
...
...
CoolCat22
3 months, 3 weeks ago
Selected Answer: D
I think D has a better argument
upvoted 1 times
...
xxxBadManxxx
8 months, 3 weeks ago
A: is correct.
upvoted 1 times
...
HughJassole
9 months, 4 weeks ago
D. The question clearly asks for security benefit. It seems that not sending passwords is the direct security benefit. "Without SAML or other SSO technologies, applications would have to rely on passwords to verify their users, which is problematic....With SAML, SPs only have to store public keys, which are useless to attackers without the private keys held by the IdP." https://developer.okta.com/blog/2019/07/30/saml-whats-behind-sso
upvoted 2 times
...
[Removed]
1 year ago
Selected Answer: D
The question is asking for primary SECURITY benefit. SSO is ease of use benefit, where for D, token is being used instead of password, which is more secure. So the answer id D
upvoted 4 times
...
RVoigt
1 year, 1 month ago
Selected Answer: A
CISSP Official Study Guide pg 691 - "Security Assertion Markup Language (SAML) is an open XML-based standard commonly used to exchange authentication and authorization (AA) information between federated organizations. It provides SSO capabilities for browser access."
upvoted 4 times
RVoigt
1 year ago
CISSP Official Study Guide pg 659 - "Single sign-on (SSO) is a centralized access control technique that allows a subject to be authenticated once on a system and access multiple resources without authenticating again. SSO is convenient for users, but it also has security benefits. When users have to remember multiple usernames and passwords, they often resort to writing them down, ultimately weakening security. Users are less likely to write down a single password. SSO also eases administration by reducing the number of accounts required for a subject."
upvoted 1 times
liledag
1 year ago
"Yes, the correct answer is D. The primary security benefit of using SAML is that the users' passwords are not passed during authentication, which helps to improve security and protect against password-based attacks such as interception or theft. SAML uses security tokens to authenticate users, which are exchanged between the identity provider and service provider, and do not contain any user credentials such as passwords. This helps to maintain the confidentiality of user passwords and reduce the risk of compromise." ChatGPT
upvoted 2 times
...
...
...
Dee83
1 year, 2 months ago
A. is the answer . It enables single sign-on (SSO) for web applications. SAML primarily enables Single Sign-On (SSO) which allows users to authenticate once and access multiple web applications without needing to enter their credentials multiple times. It also allows for centralization of authentication which makes it easier for IT departments to manage users access and permissions for multiple web applications.
upvoted 2 times
...
evenkeel
1 year, 2 months ago
SSO reduces attack surface
upvoted 1 times
...
rajkamal0
1 year, 3 months ago
Selected Answer: D
SAML Provides Increased Security, SSO is definitely an advantage, but from a security benefit point of view, D is the best answer. SAML provides a single point of authentication, which happens at a secure identity provider. Then, SAML transfers the identity information to the service providers. This form of authentication ensures that credentials are only sent to the IdP directly.
upvoted 1 times
...
oudmaster
1 year, 3 months ago
What is Single Sign-On? Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.
upvoted 1 times
...
PeepoK
1 year, 3 months ago
Selected Answer: D
SSO is not a security benefit, passwords not being passed is...
upvoted 2 times
...
rdy4u
1 year, 5 months ago
Selected Answer: D
This SAML authentication approach means users do not need to remember multiple usernames and passwords. It also benefits service providers as it increases security of their own platform, primarily by avoiding the need to store (often weak and insecure) passwords and not having to address forgotten password issues. https://www.onelogin.com/learn/saml
upvoted 1 times
...
franbarpro
1 year, 5 months ago
Imagine your HR software (ADP) talking to your (401K) - Automatically. You sign into your ADP and click on the 401K link and p00fs you are automatically signed into your 401K sofware. Yea - I am going with "A" on this one.
upvoted 1 times
...
ygc
1 year, 5 months ago
A is correct, SAML is an open XML-based standard and commonly used to exchange authentication and authorization (AA) information between federated organizations. It provides SSO capabilities for browser access.
upvoted 3 times
...
BDSec
1 year, 6 months ago
Selected Answer: D
D seems right to me. SSO is more of a UX benefit.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...