Secure Software Lifecycle Professional – CSSLP – Question024

Which of the following security design patterns provides an alternative by requiring that a user's authentication credentials be verified by the database before providing access to that user's data?

A. Secure assertion
B. Authenticated session
C. Password propagation
D. Account lockout

Correct Answer: C

Explanation:

Password propagation provides an alternative by requiring that a user’s authentication credentials be verified by the database before providing access to that user’s data.

Answer D is incorrect. Account lockout implements a limit on incorrect password attempts to protect an account from automated password-guessing attacks.

Answer B is incorrect. Authenticated session allows a user to access more than one access-restricted Web page without re-authenticating on every page. It also integrates user authentication into the basic session model.

Answer A is incorrect. Secure assertion distributes application-specific sanity checks throughout the system.