CISSP Practice Domain 5 — Identity and Access Management (IAM) Q28 of 120

Which attack against single sign-on attempts to forge or replay an assertion that grants the attacker someone else's session?

A CISSP practice question covering Domain 5: Identity and Access Management (IAM). Try answering before reading the explanation below.

A. Session fixation
B. Token impersonation / SAML assertion forgery ✓ Correct answer
C. Pass-the-cookie
D. Phishing
Why "Token impersonation / SAML assertion forgery" is the right answer

Token-impersonation attacks (e.g., Golden SAML, forged JWT) mint a valid-looking assertion, or replay a captured one, so that the service provider accepts the attacker as another user without the attacker ever authenticating to the identity provider. Golden SAML is the canonical case: an attacker who obtains the federation server's token-signing certificate (the AD FS token-signing key in the original technique) can sign assertions for any user, with any claims and any lifetime, and they validate perfectly. The defenses therefore sit with both the IdP and the relying party: protect the signing key (ideally in an HSM) and verify every signature against the pinned signing certificate rather than whatever the token names; keep token lifetimes short and reject assertions whose validity window is implausibly long; validate the issuer and the audience so a token issued for one application cannot be replayed against another; and track assertion IDs (SAML ID, JWT jti) to detect replay within the validity window. The distractors are different attacks: session fixation forces the victim to authenticate under a session ID the attacker already knows; pass-the-cookie steals and replays a live post-authentication session cookie rather than forging the authentication assertion; phishing is a delivery and credential-capture method, not an attack on the assertion itself.
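The checks above, as an added example that is not part of this practice question or any vendor's code. It uses a minimal HS256 JWT as a stand-in for a signed assertion so it runs offline with the standard library; a real SAML assertion is an XML document signed with the IdP's X.509 key, but the relying-party checks (pinned key and algorithm, signature, issuer, audience, lifetime, replay) are the same. The key, issuer, audience and the helper names are constructed for this demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values: a real IdP signs with an asymmetric key pair and the
# relying party pins the IdP's certificate. Names here are assumptions for the demo.
SIGNING_KEY = b"demo-idp-signing-key"
ISSUER = "https://idp.example.test"
AUDIENCE = "https://app.example.test"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject, key=SIGNING_KEY, issuer=ISSUER, audience=AUDIENCE,
                lifetime=300, jti="id-1", now=None):
    """Mint a signed token. Passing a different key models an attacker who does
    not hold the IdP's signing key; passing the real key models Golden SAML."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "iss": issuer, "aud": audience,
              "iat": now, "exp": now + lifetime, "jti": jti}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def tamper_claims(token, **changes):
    """Rewrite claims without re-signing: what an attacker can do without the key."""
    h_b64, c_b64, s_b64 = token.split(".")
    claims = json.loads(_b64url_decode(c_b64))
    claims.update(changes)
    return h_b64 + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()) + "." + s_b64


class AssertionValidator:
    """Relying-party side: every check the explanation above calls for."""

    def __init__(self, key, issuer, audience, max_lifetime=600):
        self.key = key
        self.issuer = issuer
        self.audience = audience
        self.max_lifetime = max_lifetime   # reject implausibly long validity windows
        self.seen_ids = set()              # assertion IDs already consumed (replay check)

    def validate(self, token, now=None):
        now = int(time.time()) if now is None else now
        try:
            h_b64, c_b64, s_b64 = token.split(".")
        except ValueError:
            return (False, "malformed")
        header = json.loads(_b64url_decode(h_b64))
        # Pin the algorithm; never let the token choose it (defeats alg=none tricks).
        if header.get("alg") != "HS256":
            return (False, "unexpected alg")
        expected = hmac.new(self.key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            return (False, "bad signature")
        claims = json.loads(_b64url_decode(c_b64))
        if claims.get("iss") != self.issuer:
            return (False, "bad issuer")
        if claims.get("aud") != self.audience:
            return (False, "bad audience")
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return (False, "expired")
        if claims["exp"] - claims.get("iat", 0) > self.max_lifetime:
            return (False, "lifetime too long")
        jti = claims.get("jti")
        if not jti or jti in self.seen_ids:
            return (False, "replayed")
        self.seen_ids.add(jti)
        return (True, claims["sub"])


if __name__ == "__main__":
    v = AssertionValidator(SIGNING_KEY, ISSUER, AUDIENCE)
    good = issue_token("alice", now=1000, jti="a1")
    print(v.validate(good, now=1100))                                   # accepted once
    print(v.validate(good, now=1100))                                   # replay rejected
    print(v.validate(issue_token("admin", key=b"attacker", now=1000, jti="a2"), now=1100))
    print(v.validate(tamper_claims(good, sub="admin"), now=1100))       # bad signature
```

Note the order of the checks: the signature is verified before any claim is trusted, and the lifetime check rejects a token that is technically unexpired but was minted with a multi-day window, which is the tell-tale shape of a Golden SAML token. None of this helps if the signing key itself has been stolen, which is why the IdP-side controls (key protection, monitoring of token-signing certificate export and of assertions signed outside normal IdP activity) matter as much as the relying-party checks.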
