CAS-002 Question #289: Real Exam Question with Answer & Explanation

Question

Options

• AEnsure the SaaS provider supports dual factor authentication.
• BEnsure the SaaS provider supports encrypted password transmission and storage.
• CEnsure the SaaS provider supports secure hash file exchange.
• DEnsure the SaaS provider supports role-based access control.
• EEnsure the SaaS provider supports directory services federation.

Explanation

Directory services federation allows users to authenticate to the SaaS CRM using their existing corporate identity provider credentials, eliminating the need for a separate set of user credentials.

Common mistakes.

• A. Multi-factor authentication strengthens the security of the login process but still requires users to maintain a separate credential set for the SaaS application, not eliminating the credential sprawl problem.
• B. Encrypting password transmission and storage protects credentials from interception and data breaches but does not remove the need for users to manage a distinct username and password for the SaaS platform.
• C. Secure hash file exchange is a file integrity verification mechanism and has no relevance to user authentication or the management of identity credentials across applications.
• D. Role-based access control defines what resources and actions are permitted after a user has already authenticated and does not address how users prove their identity or whether they need a separate credential to do so.

Concept tested. Directory services federation and SSO for SaaS credential management

Reference. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

No community discussion yet for this question.