CISSP Question #1533: Real Exam Question with Answer & Explanation

The question asks which WS-Security specification is responsible for security token issuance, renewal, and validation; the answer is WS-Trust.

Submitted by rohit_dlh · Mar 5, 2026 · Identity and Access Management (IAM)

Question

Hotspot Question: Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.

Explanation

Approach. The correct interaction is to click on the box labeled 'WS-Trust'. WS-Trust is the Web Services specification that defines a framework for requesting and issuing security tokens, and for managing their trust relationships, including their issuance, renewal, and validation by a Security Token Service (STS). This directly aligns with the question's description of negotiating how security tokens will be issued, renewed, and validated.

Common mistakes. Other choices are incorrect because they address different aspects of web service security or management:

  • WS-Secure Conversation: Focuses on establishing and sharing a security context for a series of messages to optimize security processing, not token issuance.
  • WS-Federation: Deals with brokering trust between different security realms and federating identity, which involves tokens but is distinct from the mechanics of token issuance/renewal itself.
  • WS-Authorization: Specifies how authorization decisions are made and enforced for web service access, concerning permissions rather than token lifecycle.
  • WS-Policy: Provides a generic model for expressing policies (e.g., security requirements, QoS capabilities) for web services, describing what security is needed, not how tokens are managed.
  • WS-Privacy: Defines how web services express their privacy preferences and handle personally identifiable information, unrelated to security token management.

Concept tested. Understanding the specific roles and functions of various Web Services (WS-*) specifications within the broader WS-Security framework, particularly regarding security token management and trust negotiation.

Topics

#WS-Security #Security tokens #WS-Trust #Web services
