ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During integration of a new SaaS HR application with the organization's SAML 2.0 single sign-on service, testing reveals that intercepted SAML assertions remain usable for nearly eight hours, their default lifetime. Which configuration change on the identity provider and service provider will most effectively reduce this replay risk while still allowing seamless SSO for legitimate users?

  • Allow only identity-provider-initiated SSO so users never reach the SaaS login page.

  • Remove the AudienceRestriction element so the same assertion can be reused across multiple SaaS applications without additional logins.

  • Include the user's password hash in the assertion attributes so the service provider can perform local authentication.

  • Configure both parties to issue and accept only signed assertions that expire within a few minutes of issuance.
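The service-provider side of the scenario above, as an added example that is not part of the original question: a validator that rejects unsigned assertions, enforces a short `NotBefore`/`NotOnOrAfter` window, checks `AudienceRestriction`, and consumes each assertion ID once, so a captured assertion stops being useful within minutes. The sample assertions, the five-minute policy, and the `signature_valid` flag (standing in for an XML-DSig check done by a dedicated library) are constructed assumptions.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ISO = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample assertion with a five-minute window. The Signature element is omitted;
# the XML-DSig verification is assumed to run first and its result is passed in as a flag.
SAMPLE_SHORT = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_id-constructed-1" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://hr.example.com/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
# The same assertion with the eight-hour default lifetime described in the question.
SAMPLE_LONG = SAMPLE_SHORT.replace("2024-01-01T12:05:00Z", "2024-01-01T20:00:00Z")


def parse_ts(value):
    return dt.datetime.strptime(value, ISO).replace(tzinfo=dt.timezone.utc)


class AssertionValidator:
    """Service-provider checks on <Conditions>: window length, freshness, audience, one-time use."""

    def __init__(self, audience, max_lifetime=dt.timedelta(minutes=5), skew=dt.timedelta(seconds=60)):
        self.audience, self.max_lifetime, self.skew = audience, max_lifetime, skew
        self.seen_ids = {}  # assertion ID -> time after which the cache entry can be dropped

    def validate(self, xml_text, now, signature_valid):
        """Return (accepted, reason). A short window keeps the replay cache small and bounded."""
        if not signature_valid:
            return False, "signature missing or invalid"
        root = ET.fromstring(xml_text)
        cond = root.find("saml:Conditions", NS)
        not_before, not_after = parse_ts(cond.get("NotBefore")), parse_ts(cond.get("NotOnOrAfter"))
        if not_after - not_before > self.max_lifetime + self.skew:
            return False, "validity window longer than policy allows"
        if now < not_before - self.skew:
            return False, "assertion not yet valid"
        if now >= not_after + self.skew:
            return False, "assertion expired"
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if self.audience not in audiences:
            return False, "audience mismatch"
        self.seen_ids = {k: v for k, v in self.seen_ids.items() if v > now}  # purge closed windows
        assertion_id = root.get("ID")
        if assertion_id in self.seen_ids:
            return False, "assertion ID already consumed (replay)"
        self.seen_ids[assertion_id] = not_after + self.skew
        return True, "accepted"
```

Because cached IDs are dropped once their window closes, the replay cache only ever holds a few minutes' worth of assertions; with an eight-hour lifetime the same cache would have to retain every assertion seen all day.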

Secure Software Concepts