100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CCSK Domain 10 Application Security Questions with 100% Actual correct answers | verified | latest update | Graded A+ | Already Passed | Complete Solution £6.46   Add to cart

Exam (elaborations)

CCSK Domain 10 Application Security Questions with 100% Actual correct answers | verified | latest update | Graded A+ | Already Passed | Complete Solution

 4 views  0 purchase

CCSK Domain 10 Application Security Questions with 100% Actual correct answers | verified | latest update | Graded A+ | Already Passed | Complete Solution

Preview 2 out of 7  pages

  • June 18, 2024
  • 7
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
All documents for this subject (91)
avatar-seller
Hkane
CCSK Domain 10 Application Security
XACML - ANS-eXtensible Access Control Markup Language

OpenID - ANS-an open standard permitting users to be authenticated in a decentralized
manner

OAuth - ANS-Open Authorization, an open standard for authorization allowing users to
share their private resources with tokens instead of credentials

SAML - ANS-Security Assertion Markup Language, an XML-based OASIS open
standard for exchanging authentication & authorization data between security domains

IdEA - ANS-Identity
Entitlement
Access Management

ISAE 3402 / SSAE 16 - ANS-replaces SAS 70

What are the components of IdEA? - ANS-Authentication
Authorization
Administration
Audit and Compliance
Policy

For user-centric authorization model, the user is the _______________. The user
determines the access for their resources, and the service provider acts as
_______________. - ANS-PDP, PEP

OAuth is widely used for this model, and User Managed Access (UMA) is also an
emerging standard in this space.

For an enterprise-centric authorization model, the enterprise is the _______________
or _______________ and the service provider acts as _______________ - ANS-PDP
Policy Access Point (PAP)
PEP

Authorization - ANS-in broadest terms refers to enforcing the rules by which access is
granted to the resources

, What are the 3 approaches for interoperability testing? - ANS-Testing all pairs
Testing some of the combinations
Testing against a reference implementation

OWASP Testing Guide V3.0

Penetration Testing - ANS-Configuration Management Testing
Business Logic Testing
Authentication Testing
Session Management Testing
Data Validation Testing
Denial of Service
Web Service Testing
Ajax Testing (RIA Security Testing)

Mash-up - ANS-A mashup in web development is a web page or web application, that
uses content from more than one-source to create a single new service displayed in a
single graphical interface.

The term implies easy, fast integration, frequently using open API and data sources to
produce enriched results that were not necessarily the original reason for producing the
raw source data

Threat for cloud apps & cooresponding address by IdEA - ANS-Spoofing --
Authentication
Tampering -- Hash or Digital Signature
Repudiation -- Digital Signature (use SAML) *****************audit logging
Information Disclosure -- SSL, encryption
*****************(strictly not IdEA specific)
Denial of Service -- Security Gateway
Elevation of Privileges -- Authorization (OAuth)

SAPM - ANS-Shared Acct Password Management

manages highly privileged accounts allows for segregation of duties and least priviledge

SCIM - ANS-Simple Cloud Identity Management
(new emerging standard)

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Hkane. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for £6.46. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

62890 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy revision notes and other study material for 14 years now

Start selling
£6.46
  • (0)
  Add to cart