nerdexam
EC-Council

312-50V10 · Question #163

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

The correct answer is A. Single sign-on. Single sign-on (SSO) uses a Central Authentication Server so users authenticate once and receive credentials accepted by multiple connected systems without re-authenticating.

Information Security and Ethical Hacking Fundamentals

Question

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

Options

  • ASingle sign-on
  • BWindows authentication
  • CRole Based Access Control (RBAC)
  • DDiscretionary Access Control (DAC)

How the community answered

(38 responses)
  • A
    92% (35)
  • B
    5% (2)
  • D
    3% (1)

Why each option

Single sign-on (SSO) uses a Central Authentication Server so users authenticate once and receive credentials accepted by multiple connected systems without re-authenticating.

ASingle sign-onCorrect

SSO uses a Central Authentication Server to issue tokens or session credentials after a single login event, which are then accepted by all integrated downstream systems. This reduces credential fatigue, centralizes authentication policy enforcement, and provides seamless access across services - exactly matching the described scenario of authenticating once to gain access to multiple systems.

BWindows authentication

Windows Authentication is a specific protocol set (NTLM and Kerberos) tied to Microsoft environments and does not describe the general concept of a vendor-neutral CAS enabling multi-system access.

CRole Based Access Control (RBAC)

Role Based Access Control (RBAC) is an authorization model that assigns permissions based on job roles - it governs what users can do after authentication, not how they authenticate.

DDiscretionary Access Control (DAC)

Discretionary Access Control (DAC) is an access control model where resource owners define permissions on their objects - it is an authorization concept unrelated to centralized authentication.

Concept tested: Single sign-on with central authentication server

Source: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/what-is-single-sign-on

Topics

#single sign-on#CAS#centralized authentication#access control

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice