CAS-001 · Question #471
CAS-001 Question #471: Real Exam Question with Answer & Explanation
Question
Options
- A. A circle of trust can be formed with all domains authorized to delegate trust to an IdP
- B. Identity verification can occur outside the circle of trust if specified or delegated
- C. Replication of data occurs between the CSP and IdP before a verification occurs
- D. Greater security can be provided if the circle of trust is formed within multiple CSP domains
- E. Faster connections can occur between the CSP and IdP without the use of SAML
Explanation
The two correct answers are A and D. A is correct because a separate IdP allows a circle of trust to be established across all domains that delegate authentication to that IdP, enabling federated identity across diverse environments including the CSP and external partners. D is correct because separating the IdP from the CSP allows the circle of trust to span multiple CSP domains, which provides greater security by avoiding vendor lock-in and ensuring identity management is not solely dependent on one provider. B is incorrect because identity verification occurring "outside the circle of trust" undermines the trust model. C is incorrect because data replication between the CSP and IdP prior to verification is not a benefit; it introduces latency and complexity. E is incorrect because SAML is the standard federation protocol and its absence would reduce interoperability, not improve speed.