
CSSLP Question #272: Real Exam Question with Answer & Explanation

The correct answer is A: Authenticated session. For web applications, key security patterns applicable to authentication include maintaining an authenticated session, using password authentication methods, implementing account lockout mechanisms to deter brute-force attacks, and managing password propagation securely.

Secure Software Architecture and Design

Question

A number of security patterns for Web applications have been developed by Kienzle, Elder, Tyree, and Edwards-Hewitt under a DARPA contract. Which of the following patterns are applicable to aspects of authentication in Web applications? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. Authenticated session
  • B. Secure assertion
  • C. Partitioned application
  • D. Password authentication
  • E. Account lockout
  • F. Password propagation

Explanation

For web applications, key security patterns applicable to authentication include maintaining an authenticated session, using password authentication methods, implementing account lockout mechanisms to deter brute-force attacks, and managing password propagation securely.

Common mistakes

  • B. Secure assertion is a pattern related to securely transmitting identity information between systems (e.g., in federated identity), which typically follows an initial authentication, rather than being a core authentication pattern itself.
  • C. Partitioned application is an architectural pattern for segregating application components for isolation and resilience, which relates to overall system design, not directly to authentication processes.

Concept tested: Web application security patterns - Authentication

Topics

Web application security, Authentication patterns, Security design patterns, Identity management
