CAS-002 Question #222: Real Exam Question with Answer & Explanation
The correct answer is C: The companies should federate, with the parent becoming the IdP, and the subsidiaries. In a federated identity model, the entity holding authoritative customer identity data becomes the IdP, while entities consuming that identity for service access become SPs.
Question
Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?
Options
- A. The companies should federate, with the parent becoming the SP, and the subsidiaries
- B. The companies should federate, with the parent becoming the IdP, and the subsidiaries
- C. The companies should federate, with the parent becoming the IdP, and the subsidiaries
- D. The companies should federate, with the parent becoming the ASP, and the subsidiaries
Explanation
In a federated identity model, the entity holding authoritative customer identity data becomes the IdP, while entities consuming that identity for service access become SPs.
Common mistakes.
- A. Placing the parent as the SP means it would consume identity assertions from subsidiaries, reversing the logical trust anchor - the parent holds the authoritative data and should issue assertions, not receive them.
- B. This option also places the parent as IdP but configures the subsidiaries in a role inconsistent with standard SP federation, failing to correctly map the service-consumption relationship.
- D. ASP (Application Service Provider) is not a recognized role in standard identity federation protocols such as SAML or WS-Federation, making this technically invalid for an open-standards requirement.
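To make the IdP/SP split concrete, here is an added Python model of the answer (not part of the original question page): the parent, as IdP, issues a signed assertion scoped to one subsidiary SP and releases only the attributes that SP needs for billing and authentication; the SP verifies the signature, audience and validity window before trusting it. Per-SP HMAC secrets stand in for the SAML XML signature and metadata trust a real deployment would use, and the customer record, SP names and release policy are constructed for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed data: the parent company (IdP) holds the authoritative customer record.
CUSTOMER_DB = {
    "cust-1001": {"name": "A. Example", "account_no": "ACC-77",
                  "tv_tier": "premium", "billing_ok": True, "ssn": "000-00-0000"},
}

# Attribute release policy: each subsidiary SP receives only what it needs
# (the "minimal data" requirement); tv_tier and ssn are never released.
RELEASE_POLICY = {
    "telco-sp": ["account_no", "billing_ok"],
    "isp-sp": ["account_no", "billing_ok", "name"],
}

# Assumption: one shared secret per SP stands in for the SP trusting the IdP's signing key.
SP_KEYS = {"telco-sp": b"telco-demo-secret", "isp-sp": b"isp-demo-secret"}


def idp_issue_assertion(customer_id, sp_id, now=None):
    """Parent as IdP: authenticate the customer and assert a minimal attribute set to one SP."""
    now = int(time.time()) if now is None else now
    record = CUSTOMER_DB[customer_id]
    attrs = {k: record[k] for k in RELEASE_POLICY[sp_id]}
    body = {"sub": customer_id, "aud": sp_id, "iat": now, "exp": now + 300, "attrs": attrs}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(SP_KEYS[sp_id], payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def sp_verify(assertion, sp_id, now=None):
    """Subsidiary as SP: accept the assertion only if signed for us, unexpired and untampered."""
    now = int(time.time()) if now is None else now
    payload = assertion["payload"].encode()
    expected = hmac.new(SP_KEYS[sp_id], payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None  # wrong key or modified payload
    body = json.loads(payload)
    if body["aud"] != sp_id or not (body["iat"] <= now < body["exp"]):
        return None  # replayed to another SP, or outside the validity window
    return body
```

Swapping the roles (a subsidiary issuing assertions the parent must consume) would require each subsidiary to hold the authoritative customer record, which is exactly what option A gets backwards.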
Concept tested. Federated identity IdP and SP role assignment
Reference. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed