CISSP Question #1309: Real Exam Question with Answer & Explanation

Question

Which of the following is an open standard for exchanging authentication and authorization data between parties?

Options

• AWired markup language
• BHypertext Markup Language (HTML)
• CExtensible Markup Language (XML)
• DSecurity Assertion Markup Language (SAML)

Explanation

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, such as a service provider and an identity provider. SAML is based on Extensible Markup Language (XML), which is a markup language that defines a set of rules for encoding and structuring data in a human-readable and machine-readable format. SAML enables single sign-on (SSO), which is a system that allows a user to log in and access multiple related servers and applications with a single authentication process. SAML uses assertions, which are statements that contain information about the user, such as their identity, attributes, or privileges, to communicate between the parties. SAML also uses protocols, which are sets of rules and messages that define how the parties request and respond to the assertions, to establish the trust and security of the communication. Wired markup language is not a term used in information security, but it could refer to a markup language that is used for creating web pages or applications that run on a wired network. Hypertext Markup Language (HTML) is a markup language that is used for creating and displaying web pages or applications that run on a web browser. HTML is not an open standard for exchanging authentication and authorization data between parties, but rather a standard for defining the structure and content of web pages or applications.

No community discussion yet for this question.