CISSP · Question #240
An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is
The correct answer is A. organization policy.. The session timeout requirement is the maximum amount of time that a user can be inactive on an application before the session is terminated and the user is required to re-authenticate. The best reason for determining the session timeout requirement is the organization policy, as
Question
An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is
Options
- Aorganization policy.
- Bindustry best practices.
- Cindustry laws and regulations.
- Dmanagement feedback.
How the community answered
(51 responses)- A75% (38)
- B4% (2)
- C6% (3)
- D16% (8)
Explanation
The session timeout requirement is the maximum amount of time that a user can be inactive on an application before the session is terminated and the user is required to re-authenticate. The best reason for determining the session timeout requirement is the organization policy, as it reflects the organization's risk appetite, security objectives, and compliance obligations. The organization policy should specify the appropriate session timeout value for different types of applications and data, based on their sensitivity and criticality.
Topics
Community Discussion
No community discussion yet for this question.